MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f95b3558cb1a58a3a3bf3c6e41e936f2bc13c64e0be5092a2afa2cdd5ac370e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CoinMiner


Vendor detections: 7


Intelligence 7 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7f95b3558cb1a58a3a3bf3c6e41e936f2bc13c64e0be5092a2afa2cdd5ac370e
SHA3-384 hash: d280c97d617816b4de51889aceb1d797b2b80a8f66d78d263f98b1d6ac98fb6778f12ba40d8bb03a0247e71fff557d7c
SHA1 hash: 9654a79b85f2b300efa76629ea0ace33d7185979
MD5 hash: aec7d22dbb1410417bfa763f55d907e6
humanhash: california-delta-cup-carpet
File name:aec7d22dbb1410417bfa763f55d907e6.exe
Download: download sample
Signature CoinMiner
Create hunting rule
File size:116'736 bytes
First seen:2022-07-19 15:35:28 UTC
Last seen:2022-07-23 04:15:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 768:wG5j7XKDbvZPGsIAX+gUK8qL4udUgdFS3eAmDA7b:wGxK3Z2nvmUP
Threatray 10 similar samples on MalwareBazaar
TLSH T1FEB3F50816A5C906C61D06B7E932CE349727FE849936C31215EFBE2FFC22B855A355E3
TrID 63.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon c61cc8c0c052d06c (1 x RedLineStealer, 1 x CoinMiner, 1 x AsyncRAT)
Reporter abuse_ch
Tags:CoinMiner exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
314
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/291917/
Detection(s):
SecuriteInfo.com.Trojan.Downloader.10124.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
DNS request
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/62d6cf670e298a94f3dead02/reports/fdbec648-525a-476c-adbe-89d9078056df/overview
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1628a3e7-0377-4a05-87c3-29177d2e840a
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1036668
Signature
.NET source code contains potential unpacker
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7f95b3558cb1a58a3a3bf3c6e41e936f2bc13c64e0be5092a2afa2cdd5ac370e/
Threat name:
ByteCode-MSIL.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2022-07-19 10:27:38 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
13
AV detection:
15 of 26 (57.69%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=p6k3gvmmwgsyuor36pdoihutn4v4cpde4c7fbevcv6rm3vnmg4ha._file
Verdict:
unknown
Similar samples:
2447933c7bf0db3f5bdcf7c901f4dd45f08267cbb5c5e4efe5f5a118195f0f86
CoinMiner
2553f9ce605cd5e182e14b0152d29e29b15c2e3dc82b1ddbe8e1eb85bda84e83
CoinMiner
699d61469fd170d6cca80f781a3ab9b0041d75095ff8c59aa6afccf52b3e0278
CoinMiner
6c3cbdefbe361e591fcb562e6ceee5f992a874b0fbb81bf411a04e4c2ca57570
CoinMiner
875269cba0d717c29317564f708525dee36154ec1884ab41c17285ddff910094
CoinMiner
a0cfdb287a571e7585132886bc8a0ad8de4427eb4b2bad5e650d5921e4834e9e
CoinMiner
b1fa69e98d91d174851b755a68c214073833e5ac20fdd64f45a61ff0c4a47ad8
CoinMiner
c664b0caca95e6a5abc0c2f3a4e5db449f331a4ef9b04a2cc1305a767a9ffb5b
CoinMiner
ce442fab80f616645429e47bededf88f2104476899a35952f70e1e31a21e734a
CoinMiner
e1f0b80e829512170cf479a745a34334108357d4cda701e8be7c10190cb14618
CoinMiner
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220719-s1wv3sfhcn/
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
7f95b3558cb1a58a3a3bf3c6e41e936f2bc13c64e0be5092a2afa2cdd5ac370e
MD5 hash:
aec7d22dbb1410417bfa763f55d907e6
SHA1 hash:
9654a79b85f2b300efa76629ea0ace33d7185979
Link:
https://www.unpac.me/results/07ede182-1b7e-4151-9156-997ea022bb19/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.73
Link:
https://yomi.yoroi.company/submissions/7f95b3558cb1a58a3a3bf3c6e41e936f2bc13c64e0be5092a2afa2cdd5ac370e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_DiscordURL
Create hunting rule
Author:ditekSHen
Description:Detects executables Discord URL observed in first stage droppers
Rule name:MALWARE_Win_zgRAT
Create hunting rule
Author:ditekSHen
Description:Detects zgRAT
Rule name:SUSP_Discord_Attachments_URL
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detects a PE file that contains an Discord Attachments URL. This is often used by Malware to download further payloads
Rule name:SUSP_PE_Discord_Attachment_Oct21_1
Create hunting rule
Author:Florian Roth
Description:Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CoinMiner

Executable exe 7f95b3558cb1a58a3a3bf3c6e41e936f2bc13c64e0be5092a2afa2cdd5ac370e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2259001/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/291917/

Comments