MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e118b534abb919903bc15b33f5fe2db15a54f7f39a7abc87c61e4617f35c0d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 4



SHA256 hash: 7e118b534abb919903bc15b33f5fe2db15a54f7f39a7abc87c61e4617f35c0d2
SHA3-384 hash: 102299c74680ecdace4b5b6f60fc790f311911dd0e582f68705452a3702b18865c7de7d3988d961011614375ae04af17
SHA1 hash: 90374cb88ca94ed7cc0ec7a0eca33be01e40b6d0
MD5 hash: 629616cf3527c449d804903309e7ce66
humanhash: foxtrot-equal-louisiana-saturn
File name: SecuriteInfo.com.Trojan.BtcMine.2840.2982.31399
Signature: n/a
File size: 1'280'512 bytes
First seen: 2020-06-19 14:44:44 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e72731bca9642384c84ef52bd617a1ab (1 x GandCrab)
ssdeep: 24576:2s235usSShAvauJRsi3sSyLMvcwot1J0lSDgB+aJ/YqDBjFu9:rMuMhIJyidyLM7otslWuJ/5Zu9
Threatray: 673 similar samples on MalwareBazaar
TLSH: F155023E29615C16F0D746305E9574008AD8CF440B537ECEB73B2AE8BE64696E8273DE
Reporter: @SecuriteInfoCom

Intelligence

File Origin
# of uploads: 1
# of downloads: 70
Origin country: US
Mail intelligence: No data

Vendor Threat Intelligence
Threat name: Win32.Trojan.Sodinok
Status: Malicious
First seen: 2018-09-06 09:48:45 UTC
AV detection: 26 of 29 (89.66%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Drops startup file
UPX packed file

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:WHITE rules are displayed.

Rule name: XMRIG_Miner

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Web download
Executable exe 7e118b534abb919903bc15b33f5fe2db15a54f7f39a7abc87c61e4617f35c0d2 (this sample)

Delivery method: Distributed via web download
