MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 82a92a627eea0fe47fa124940b5c020a557f5a5bcc347851e9d901a2f134ad30. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 82a92a627eea0fe47fa124940b5c020a557f5a5bcc347851e9d901a2f134ad30
SHA3-384 hash: 999fb324a569c6395b0ed86368260e35ba5a66f323aa9b2963936217effea54c853cd8fa625866adcb5a8b565beb4389
SHA1 hash: f8b4c298e806dba35e4dd677baa9f267e3ca58fd
MD5 hash: ff8bc2a205de370fe8b8c8c69b1faa65
humanhash: burger-delaware-wyoming-snake
File name:SecuriteInfo.com.Trojan.DownLoader33.57079.13504.14131
Download: download sample
File size:1'215'840 bytes
First seen:2020-06-25 21:37:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 85d6c81564a340a5f1ed941e382325a2
ssdeep 24576:bysXZmO3HBiDFUvwoYSH3nOO/gqF+5+w2FxQ+Fq8ZIYtFds:bysXY7x+X3tFc+lADoFds
Threatray 36 similar samples on MalwareBazaar
TLSH D145BC81EB801582ED00F6339A41F73013B35EF02A6F9D0E46F6715617766CACAB9B39
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/14538/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader33.57079.13504.14131.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Changing the Zone.Identifier stream
Creating a process from a recently created file
Creating a process with a hidden window
Launching a process
Running batch commands
Using the Windows Management Instrumentation requests
Searching for the window
Launching a tool to kill processes
Enabling autorun with Startup directory
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/82a92a627eea0fe47fa124940b5c020a557f5a5bcc347851e9d901a2f134ad30/
Threat name:
Win32.Trojan.CoinMiner
Create hunting rule
Status:
Malicious
First seen:
2020-06-22 15:36:07 UTC
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
16d8aa3dae24ba03bbc22093b96c73b303646cd7fb9829a857177c0cbe2ca724
1fc92ff3532cbd0ec4cae9bbda015ed847f7687758c22ccf59e362f47e6a35cd
27f7e212954191d2fc10676ad69942421e904a5719cb2001149de2bb38c0610f
571ec740451764b370c61813124b876d6bf8f0c2add56e57e7e8c00f494bc46e
5947d6a7fc4014628b957c4ed8ffff7c961f37f155cb814224a89e1f3700f060
5d4a8635a8bd54c96eb76c61ba879998437d96bc72557ef2be44183797e49149
610c374d9fcc17102ba7dc8ee3ec5cb569c60d0e86f25b004dfe8d24781f8310
ccae475b281127a3280a51906a2ab50248c8b7f75c34e93c5bd62ccc0fded850
d6f0bfa0aa9e2b9004d36f51fff20f947adbaa6bbb7fffdde1fc37d105fa7257
e7e5f0ac865dd8cec6539a3defbd09f15df7822b647fcd2e2f53555be98ad8e2
+ 26 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/200625-kzbbkzw17e/
Behaviour
Suspicious use of AdjustPrivilegeToken
Creates scheduled task(s)
Kills process with taskkill
Checks processor information in registry
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
NTFS ADS
Suspicious use of NtSetInformationThreadHideFromDebugger
Loads dropped DLL
Deletes itself
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/14538/

Comments