MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a67988cee62ae60e19714e1d9da8e5a661b65af2ab0f299f14adf13890f3328. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 7a67988cee62ae60e19714e1d9da8e5a661b65af2ab0f299f14adf13890f3328
SHA3-384 hash: 1f7ed4eaac1989391ee1f4e2907741d261668304fb44b81e452fa0bd105a2fc86269786b1f0502be4f146837970129b9
SHA1 hash: 4a9df2bbdb94d3218fedc0414e4cf46160d1c834
MD5 hash: 82d2d22ee4bc71eb325205cdd71028d4
humanhash: football-glucose-fish-vegan
File name: 7a67988cee62ae60e19714e1d9da8e5a661b65af2ab0f299f14adf13890f3328
File size: 1'876'502 bytes
First seen: 2020-11-07 20:18:07 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e4290fa6afc89d56616f34ebbd0b1f2c (50 x CoinMiner)
ssdeep: 49152:Lz071uv4BUMkibTIA5sf6r+WVc2HhG82StG7x+:NAB9
Threatray: 102 similar samples on MalwareBazaar
TLSH: C09533175E0A5D3ECBBC26FC783E1F1B55C1CA11400659B0A2D724CB1B8DBBC29AB65E
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the Windows subdirectories
Connection attempt
Launching a process
Creating a process from a recently created file
Creating a window
Threat name: Win64.Trojan.CoinMiner
Status: Malicious
First seen: 2020-11-07 20:38:53 UTC
AV detection: 31 of 48 (64.58%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Drops file in Windows directory
Loads dropped DLL
Executes dropped EXE
UPX packed file
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
