MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 780b58f0b7718cdfbf733122b8e8a1fb490596951dd3ead4cdc2059d352d616a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CoinMiner

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	780b58f0b7718cdfbf733122b8e8a1fb490596951dd3ead4cdc2059d352d616a
SHA3-384 hash:	6a550045af7279aadce240c3347b4508d7791046f0e53312f84bfe6103f1af7e21be5dbee39d731f0046e3df53c00185
SHA1 hash:	4d43546d4a77c9047f9e591ff3f890c58977a9ea
MD5 hash:	2671a85eb7c3f11633b22a8e9f58efac
humanhash:	foxtrot-stream-salami-mars
File name:	2671a85eb7c3f11633b22a8e9f58efac.exe
Download:	download sample
Signature	CoinMiner Create hunting rule
File size:	2'716'042 bytes
First seen:	2021-11-13 07:35:13 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	00be6e6c4f9e287672c8301b72bdabf3 (116 x RedLineStealer, 70 x AsyncRAT, 55 x AgentTesla)
ssdeep	49152:mbsdjF19nufSMdvzBnckraOsFSdZj7UbJeB:JZuagvdckOOsFSQi
Threatray	1'150 similar samples on MalwareBazaar
TLSH	T187C52301B6C289B0E43319350A1ABB64BC7D79240E24DAEF57D12D26EF319816B35FB7
File icon (PE):
dhash icon	c070cc9cfecde976 (4 x LimeRAT, 3 x CoinMiner)
Reporter	abuse_ch
Tags:	CoinMiner exe

Intelligence

File Origin

# of uploads :

# of downloads :

178

Origin country :

n/a

Vendor Threat Intelligence

Detection:

CoinMiner02

Link:

https://www.capesandbox.com/analysis/205410/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.31721986.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Searching for the window

Creating a file

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware overlay packed

Link:

https://www.filescan.io/uploads/618f6ae63edf00a722d19caa/reports/b24858a1-feac-4671-8849-51a79f4ea22c/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

XMRig Miner

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/f5c471b8-f978-4819-834e-fc8786a95109

Result

Threat name:

Xmrig

Detection:

malicious

Classification:

evad.mine

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/888488

Signature

Antivirus detection for dropped file

Drops executables to the windows directory (C:\Windows) and starts them

Drops PE files with benign system names

Found strings related to Crypto-Mining

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Query firmware table information (likely to detect VMs)

Sample is not signed and drops a device driver

Sigma detected: System File Execution Location Anomaly

System process connects to network (likely due to code injection or exploit)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected Xmrig cryptocurrency miner

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/780b58f0b7718cdfbf733122b8e8a1fb490596951dd3ead4cdc2059d352d616a/

Threat name:

Win32.Coinminer.Malxmr

Status:

Malicious

First seen:

2021-09-24 15:27:18 UTC

AV detection:

21 of 28 (75.00%)

Threat level:

4/5

Verdict:

malicious

CoinMiner

13979361d20b6c7184a7d3a8e5454782162a4ab734d2f9a01ed8421aeea5eee9

CoinMiner

452d3d97689e5c5fcfdb2cad360b5768fbb7fedd07166e4e5131844196d4ddb0

CoinMiner

4e41b23135ccd630532e143f5b6d41ae6d050b284fceaef1ef959e2414cf7c9a

CoinMiner

5261874485f9fe16a78a558734e8652f93db1d544f3be331e7f6adc06f43ee98

CoinMiner

a045c1cc2b85a5106a89a970262a3ba07dc65d96573401f1f31b4f9867ba7130

CoinMiner

a4c57df59f0c85eebcb7b40263d8c3de037f41b7d2d43b6d34e7baf72a2e1448

CoinMiner

b5e39716f576e5ff21e945560a98ee7ca7309491b2b7f2643728cd341b9c19de

CoinMiner

c7962bac550ffe20ff69bbcecea355ea9689fa1e76506d3d8343f1b1f5619706

CoinMiner

+ 1'140 additional samples on MalwareBazaar

Result

Malware family:

xmrig

Score:

10/10

Tags:

family:xmrig miner

Link:

https://tria.ge/reports/211113-je9elsegb7/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Loads dropped DLL

Executes dropped EXE

XMRig Miner Payload

xmrig

Unpacked files

SH256 hash:

780b58f0b7718cdfbf733122b8e8a1fb490596951dd3ead4cdc2059d352d616a

MD5 hash:

2671a85eb7c3f11633b22a8e9f58efac

SHA1 hash:

4d43546d4a77c9047f9e591ff3f890c58977a9ea

Link:

https://www.unpac.me/results/64ff595c-2bf3-4700-93b6-c60410b83ce7/

Malware family:

XMRIG

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/780b58f0b771/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/205410/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample