MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8187b1e047ab685c1c47ebf14c27ff25acd8f0d185e0b97f66e9da4541a58b5f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8187b1e047ab685c1c47ebf14c27ff25acd8f0d185e0b97f66e9da4541a58b5f
SHA3-384 hash: e8822dec8b4bac092234de3e714711c43753e8574cb5b3fa77d4bb628263a0f6dc0ebb0b50cd4ec8b8061cd780290b20
SHA1 hash: 229b9f7dca3f9a998f61922f00769e9d3c56fecc
MD5 hash: e73b2002ea53ce0f977b898a9b0c9327
humanhash: mobile-virginia-winner-cardinal
File name:8187b1e047ab685c1c47ebf14c27ff25acd8f0d185e0b97f66e9da4541a58b5f
Download: download sample
File size:10'934'541 bytes
First seen:2020-11-10 09:07:01 UTC
Last seen:2024-07-24 18:09:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f06dc709a5b17f58964c6e5478a768b5 (4 x CobaltStrike, 4 x Riskware.Generic, 1 x CoinMiner)
ssdeep 196608:eJq4QMpwS/yU75uD+xekSZE4HtfNhnOUii7gCsLdb:eI5MPFuDA6DnOsgCG
Threatray 58 similar samples on MalwareBazaar
TLSH 65B67C27F4E204F9CA7FD07086979772BA31746A43307BA71F90EA751E12F906A2E714
Reporter seifreed

Intelligence

File Origin
# of uploads :
2
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Pseudosigner-36
Create hunting rule

SecuriteInfo.com.Generic-EXE.UNOFFICIAL
Create hunting rule

Win.Trojan.CobaltStrike-8091534-0
Create hunting rule

Win.Tool.CobaltStrike-6336852-0
Create hunting rule

Win.Malware.Tofsee-6896728-0
Create hunting rule

Win.Malware.Tofsee-7057860-0
Create hunting rule

Win.Coinminer.Generic-7158858-0
Create hunting rule

Multios.Coinminer.Miner-6781728-2
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Creating a file
Sending a custom TCP request
Changing a file
Modifying an executable file
Creating a file in the system32 directory
Connection attempt
Creating a window
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Changing critical settings of the Internet Explorer browser
Infecting executable files
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8187b1e047ab685c1c47ebf14c27ff25acd8f0d185e0b97f66e9da4541a58b5f/
Threat name:
Win64.Trojan.CoinMiner
Create hunting rule
Status:
Malicious
First seen:
2020-11-10 09:08:31 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
207baef67d279f7a610295723d1f619d1696feead9b9bc7991ac7798cd4db685
2abd579c1a1fd0474b42cb95fb354633bb01eedf4838582d7962a996f6fcc0f7
2ec0880418b3a5697ac69cecb0f194d2a6a2e5785f1dded079c5e12056d45c31
474186239b198102d48b399c5f9336a63672c52af39ac35443e7c42078cbf778
5168ea739c73173a9013bd4cf17ee56836a4c5025787ecbdee96feb8cce82b1d
5fc2660796cdbcb5b96f0ec909f1b1e038b93ce0afdb7326e76bc486efec811a
98479114ba34e54a2677c023118977d7f3e432bd4f587f4e4043eac0d4302d72
9c3b39f9ea962517cb7c94e8ee96501ef0db2a1c60029061dd2af0102b5de1cc
bebb125456266d90678d0bb26ec95a812a96edd68523d41b00a7d7c9ead8a821
d39fddfb18e3b21f9fe716810e8110423b7223d6e697f309e144d9c80e045e98
+ 48 additional samples on MalwareBazaar
Result
Malware family:
cobaltstrike
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike
Link:
https://tria.ge/reports/201110-hxgdabltes/
Behaviour
Modifies Internet Explorer start page
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Program Files directory
Drops autorun.inf file
Drops desktop.ini file(s)
Legitimate hosting services abused for malware hosting/C2
Malware Config
C2 Extraction:
http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
Unpacked files
SH256 hash:
8187b1e047ab685c1c47ebf14c27ff25acd8f0d185e0b97f66e9da4541a58b5f
MD5 hash:
e73b2002ea53ce0f977b898a9b0c9327
SHA1 hash:
229b9f7dca3f9a998f61922f00769e9d3c56fecc
Link:
https://www.unpac.me/results/0d8435ea-0d88-4451-8d08-168936139098/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments