MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c414f9241f0fe0539c6036ca5303576509e16983426aed658e3c3c446c121b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 5

SHA256 hash: 7c414f9241f0fe0539c6036ca5303576509e16983426aed658e3c3c446c121b5
SHA3-384 hash: 0e092daee666e4724813440d31e930ab5b2183d43b3432c3d77e98a6d4ef44bd2e36d8192d16a3fd44c57336390c5993
SHA1 hash: eabf9bc7f64a41e48f45aa526e30d802380e78b2
MD5 hash: 56987739203c33d2ae1311bd99422fc3
humanhash: oxygen-fish-colorado-pip
File name: xmrig.cmd
File size: 19'032 bytes
First seen: 2022-02-22 04:57:23 UTC
Last seen: Never
File type: cmd
MIME type: text/x-msdos-batch
ssdeep: 192:3dgeYa+3eRTtWq1vHaO0if2kZ3QEEQ58Eda:N7YPCBjUI2kdQLQ6Ea
TLSH: T17D821F5629060BA2700325F053FABA5AF70AD89B37D855FE50E9135FEB80F543A3E1A4
Reporter: adm1n_usa32
Tags: bat cmd XMRIG

Intelligence


File Origin
# of uploads: 1
# of downloads: 198
Origin country: n/a
Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 67%
Tags: pup

Result
Verdict: SUSPICIOUS
Threat name: Script-BAT.Trojan.Miner
Status: Malicious
First seen: 2022-02-08 03:20:19 UTC
File Type: Text (Batch)
AV detection: 4 of 28 (14.29%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: discovery
Behaviour:
Delays execution with timeout.exe
Enumerates processes with tasklist
Kills process with WMI
Kills process with taskkill
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Views/modifies file attributes
Drops file in Windows directory
Modifies file permissions
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: PUA_Crypto_Mining_CommandLine_Indicators_Oct21
Author: Florian Roth
Description: Detects command line parameters often used by crypto mining software
Reference: https://www.poolwatch.io/coin/monero
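Static triage of a batch launcher like this one, as an added example (not MalwareBazaar's code, not the sample's content and not the referenced YARA rule). It hashes a file so a download can be checked against the SHA256 listed above, drops comment lines that never execute, then looks for the statically visible behaviours from the sandbox report (timeout, tasklist, taskkill, wmic process deletion, attrib, icacls, Windows-directory paths) and for XMRig-style command-line switches of the kind the rule targets; a miner binary renamed to something innocuous is still caught by its switches. The indicator regexes, the scoring thresholds and SAMPLE_BAT (with its pool.example.invalid host, wallet string and svc.exe name) are this example's own assumptions, not the rule's strings or the real file. The report's AdjustPrivilegeToken and WriteProcessMemory entries are runtime API observations that a text scan cannot see, so they are not modelled.

```python
"""Static triage of a suspected miner-launcher batch file (added example).

Not MalwareBazaar code, not the sample itself and not the referenced YARA rule:
indicator regexes, thresholds and SAMPLE_BAT are constructed for illustration.
"""
import hashlib
import json
import re
import sys

# SHA256 listed on the MalwareBazaar entry; used only to verify a download.
LISTED_SHA256 = "7c414f9241f0fe0539c6036ca5303576509e16983426aed658e3c3c446c121b5"

# XMRig-style command-line switches (assumed list, not the YARA rule's strings).
MINER_CMDLINE_INDICATORS = [
    r"--donate-level",
    r"--cpu-priority",
    r"stratum\+(tcp|ssl)://",
    r"\s-o\s+\S+:\d{2,5}",  # -o pool:port
    r"--algo[=\s]",
    r"\bxmrig\b",
    r"--nicehash",
]

# One regex per sandbox behaviour tag that is visible in batch source.
BEHAVIOUR_INDICATORS = {
    "Delays execution with timeout.exe": r"\btimeout(\.exe)?\s+(/t\s+)?\d+",
    "Enumerates processes with tasklist": r"\btasklist(\.exe)?\b",
    "Kills process with taskkill": r"\btaskkill(\.exe)?\b",
    "Kills process with WMI": r"\bwmic(\.exe)?\s+process\b.*\b(delete|terminate)\b",
    "Views/modifies file attributes": r"\battrib(\.exe)?\s+[+-][rhs]",
    "Modifies file permissions": r"\b(icacls|cacls)(\.exe)?\b",
    "Drops file in Windows directory": r"%(windir|systemroot)%|[a-z]:\\windows\\",
}

# Constructed stand-in for a launcher script; not the real sample's content.
# The miner binary is renamed, so only its switches give it away.
SAMPLE_BAT = rb"""@echo off
:: constructed stand-in for an XMRig launcher, not the real sample
timeout /t 30 /nobreak >nul
tasklist | findstr /i "taskmgr.exe" >nul && taskkill /f /im taskmgr.exe
wmic process where "name='procexp.exe'" delete
attrib +h +s "%windir%\Temp\svc.exe"
icacls "%windir%\Temp\svc.exe" /deny Everyone:(D)
start /b "" "%windir%\Temp\svc.exe" -o pool.example.invalid:3333 -u 4AexampleWallet --donate-level=1 --cpu-priority=5
"""


def file_hashes(data: bytes) -> dict:
    """MD5, SHA1 and SHA256 of the raw bytes, as shown on the entry."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def matches_listed_sample(data: bytes) -> bool:
    """True only if the bytes are the file the MalwareBazaar report describes."""
    return file_hashes(data)["sha256"] == LISTED_SHA256


def executable_lines(data: bytes) -> list:
    """Decode as text and drop REM / :: comment lines, which never execute."""
    text = data.decode("utf-8", errors="replace")
    return [ln for ln in text.splitlines() if not re.match(r"\s*(rem\b|::)", ln, re.I)]


def scan_batch(data: bytes) -> dict:
    """Match indicators case-insensitively (cmd.exe is) and score the result."""
    code = "\n".join(executable_lines(data))
    cmdline = [p for p in MINER_CMDLINE_INDICATORS if re.search(p, code, re.I)]
    behaviours = [b for b, p in BEHAVIOUR_INDICATORS.items() if re.search(p, code, re.I)]
    if cmdline and len(behaviours) >= 2:
        verdict = "likely miner launcher"
    elif cmdline or len(behaviours) >= 3:
        verdict = "suspicious"
    else:
        verdict = "no strong indicators"
    return {"miner_cmdline": cmdline, "behaviours": behaviours, "verdict": verdict}


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BAT
    report = {"hashes": file_hashes(data), "is_listed_sample": matches_listed_sample(data)}
    report.update(scan_batch(data))
    print(json.dumps(report, indent=2))
```

Run it as `python triage_batch.py path\to\file.cmd`; with no argument it scans the constructed stand-in, which scores "likely miner launcher" on its switches and six behaviour tags even though the string "xmrig" appears only in a stripped comment. Keep the listed-hash check in the workflow: the entry itself says a listed sample is not guaranteed malicious, and a mismatch means you are looking at a different file from the one this report describes.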

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
cmd 7c414f9241f0fe0539c6036ca5303576509e16983426aed658e3c3c446c121b5 (this sample)

Delivery method: Distributed via drive-by
