MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c2c1a38245a60815477308d2b10216cd562e295d1f7ddba62cb74c0b3381dae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8c2c1a38245a60815477308d2b10216cd562e295d1f7ddba62cb74c0b3381dae
SHA3-384 hash: 735e56b53e1fe821dcd1bde207da7e8a0acec51204d5cd9c5850149080f57201fd86517119408d649323f6577539ab3c
SHA1 hash: 5d8ba06169c41ec889a4444ee224e1bf7c0d132f
MD5 hash: 3290675d6d55818bd83ec7ddaf1ada1f
humanhash: butter-uranus-maine-charlie
File name:8c2c1a38245a60815477308d2b10216cd562e295d1f7ddba62cb74c0b3381dae
Download: download sample
File size:11'225'367 bytes
First seen:2020-11-10 06:54:48 UTC
Last seen:2024-07-24 18:45:38 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f06dc709a5b17f58964c6e5478a768b5 (4 x CobaltStrike, 4 x Riskware.Generic, 1 x CoinMiner)
ssdeep 196608:rRkPdUqb3DxAIzuD1nx3Dt7gDdgn13XwHEFoW3/:rmlUszuDTxcWn1QHM
Threatray 169 similar samples on MalwareBazaar
TLSH 57B67D27F5E204FDC67FD17082979732BA31786942307BAB1B90DA752F12F906A2E714
Reporter seifreed

Intelligence

File Origin
# of uploads :
2
# of downloads :
47
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Pseudosigner-36
Create hunting rule

SecuriteInfo.com.Generic-EXE.UNOFFICIAL
Create hunting rule

Win.Trojan.CobaltStrike-8091534-0
Create hunting rule

Win.Tool.CobaltStrike-6336852-0
Create hunting rule

Win.Malware.Tofsee-6896728-0
Create hunting rule

Win.Malware.Tofsee-7057860-0
Create hunting rule

Win.Coinminer.Generic-7158858-0
Create hunting rule

Multios.Coinminer.Miner-6781728-2
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Creating a file in the system32 directory
Sending a custom TCP request
Creating a file
Modifying an executable file
Changing a file
Connection attempt
Launching the default Windows debugger (dwwin.exe)
Creating a window
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Creating a file in the mass storage device
Changing critical settings of the Internet Explorer browser
Enabling threat expansion on mass storage devices by creating the autorun.inf autorun file
Infecting executable files
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8c2c1a38245a60815477308d2b10216cd562e295d1f7ddba62cb74c0b3381dae/
Threat name:
Win64.Trojan.CoinMiner
Create hunting rule
Status:
Malicious
First seen:
2020-11-10 06:57:29 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0c3155d4c87559a9fb87f0341c84a91b0ed6d17c1a3bbf5f1ffa2647cab8be53
1b849a9e416510a43ae6f3ef8b9a272f7f3094ae1af7f8228212e39dc9fb64f7
474186239b198102d48b399c5f9336a63672c52af39ac35443e7c42078cbf778
4a8189e1228669e993e25ca158c6fd9d8c1cfa53e10aa9392812e938fd2fd467
59a183ac03488ada3515b20bbf3cc3f018a84e77837ace9c3588903a785e0353
6a4df09ab78ce56ed0ab498aefaab6e5b85eb1945afc9deb49fdd6ae90e93a71
9c1c3f79f2695b16bead4cd1a59ab513e01afa4e85ce69401698192f50caffeb
9c3b39f9ea962517cb7c94e8ee96501ef0db2a1c60029061dd2af0102b5de1cc
b09d35ccef1c0c365b08cd320dea186d23902a900d34dfd170767b5d42a550ce
bebb125456266d90678d0bb26ec95a812a96edd68523d41b00a7d7c9ead8a821
+ 159 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Link:
https://tria.ge/reports/201110-5k1e6pszbe/
Behaviour
Modifies Internet Explorer start page
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Program Files directory
Drops file in System32 directory
Drops autorun.inf file
Adds Run key to start application
Drops desktop.ini file(s)
Legitimate hosting services abused for malware hosting/C2
Malware Config
C2 Extraction:
http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments