MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c4923f5e0b73bcf0b540e3f033cb21dd5ef91570430fa3fa36206673fb95e0c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CoinMiner


Vendor detections: 13


Intelligence 13 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8c4923f5e0b73bcf0b540e3f033cb21dd5ef91570430fa3fa36206673fb95e0c
SHA3-384 hash: ecf1ed9e7ab0f639b0498b230e2453a21906773f95fcd8d7b15bfd0aa463f13c35fdb97d148a923526b4c8ac72a15375
SHA1 hash: a3a4173d6492ce86c2afbce9c7d0b9dbd22e0a9e
MD5 hash: 97e1ed368f120531a91f8c98e29c80f6
humanhash: pizza-zebra-august-lactose
File name:SecuriteInfo.com.Win32.MalwareX-gen.8034.17117
Download: download sample
Signature CoinMiner
Create hunting rule
File size:5'079'656 bytes
First seen:2025-07-14 19:20:19 UTC
Last seen:2025-07-14 20:15:27 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f811af01ac6c2789aa091e7bc9b7b43a (18 x Rhadamanthys, 1 x CoinMiner)
ssdeep 98304:TEj9kY+yjXkjaJLEEjvtRceofW8wSjAchA1xiKqrv8y:TEjRnjoegrv3
Threatray 176 similar samples on MalwareBazaar
TLSH T1F6364BE6794AB6CFE48A17F89427CE42AD1F03F841100913ED59B5FEBE93D815289E34
TrID 29.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
22.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
20.3% (.EXE) Win32 Executable (generic) (4504/4/1)
9.1% (.EXE) OS/2 Executable (generic) (2029/13)
9.0% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
Reporter SecuriteInfoCom
Tags:CoinMiner exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
46
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
asyncrat
Create hunting rule
ID:
1
File name:
4363463463464363463463463.exe.bin
Verdict:
Malicious activity
Analysis date:
2025-07-14 19:07:17 UTC
Tags:
loader github hausbomber auto asyncrat evasion auto-startup ims-api generic xworm crypto-regex metasploit backdoor auto-sch auto-reg remcos rat remote gh0st snake keylogger telegram stealer quasarrat nitol botnet pastebin quasar nspack rdp amadey uac havoc tool meterpreter njrat ammy lumma rustystealer autoit rmm-tool netsupport python dbatloader modiloader rdpwrap babadeda arch-scr arch-exec inno installer delphi
Link:
https://app.any.run/tasks/02611424-2971-47e0-802b-22b3f280b0e7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/14310/
Detection(s):
SecuriteInfo.com.Win32.MalwareX-gen.8034.17117.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68755885c9eb97473768e300
Tags:
vmdetect packed obfusc crypt
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Сreating synchronization primitives
Launching a process
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm invalid-signature microsoft_visual_cc obfuscated obfuscated overlay packed packed packer_detected signed themidawinlicense
Link:
https://www.filescan.io/uploads/687558858a7d628a81ae45d7/reports/8fb72c37-b664-43a8-b3c5-e57eeb79bd0c/overview
Verdict:
Malicious
Labled as:
Jaik.Generic
Link:
https://www.hybrid-analysis.com/sample/8c4923f5e0b73bcf0b540e3f033cb21dd5ef91570430fa3fa36206673fb95e0c
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/98fd059e-3232-4294-9262-8ecddfe26add
Score:
98%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/8c4923f5e0b73bcf0b540e3f033cb21dd5ef91570430fa3fa36206673fb95e0c
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
Executable PE (Portable Executable) Win 32 Exe x86
Link:
https://app.malva.re/file/97e1ed368f120531a91f8c98e29c80f6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8c4923f5e0b73bcf0b540e3f033cb21dd5ef91570430fa3fa36206673fb95e0c/
Verdict:
Malicious
Threat:
Win32.Infostealer.Heuristic
Link:
https://tip.neiki.dev/file/8c4923f5e0b73bcf0b540e3f033cb21dd5ef91570430fa3fa36206673fb95e0c
Threat name:
Win32.Trojan.Egairtigado
Create hunting rule
Status:
Malicious
First seen:
2025-07-14 19:20:33 UTC
File Type:
PE (Exe)
AV detection:
19 of 24 (79.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rresh5paw4546c2uby7qgpfsdxk67ekxaqypup5dmidgop5zlyga._file
Verdict:
malicious
Label(s):
rhadamanthys
Create hunting rule
Similar samples:
095b0a89ef2484e672af40ae72288ac65151d637351d9a1dcebbbf048138d46e
CoinMiner
1e342385819a0605226b411fe5748f75b33af63ed7d42c30bf61ab361cfa310f
CoinMiner
2436da6e148f73f3e99a2ceeaae08c3dc100451fd692bea2c5e860bd9aac7a2d
CoinMiner
3a52d91b4d116a614f2a76d7fd58b88c086f28375942368c8b913796000a43db
CoinMiner
50cd136e622549f640a06120c22c47fb566c4555be8d94fa6740af74b9db489e
CoinMiner
56654126ffcc89d8cd7ef24233064b48688572adaca5e7a320404c4088e31f9f
CoinMiner
6136c6fc5919bc7e677e087f3616830d25d993f366bd9bfbf5a1a28f1285a438
CoinMiner
64b5ab61bf52abbad72621534950c673c3a58589088ac471ce50795cf406eab9
CoinMiner
a2f1fa7763b8c5a8b4a79e63262f6b8bcdd7e019ac86bfc9b95f0422a874047d
CoinMiner
da796e334852923b6153f097a2104ece9b4e9bd096dccfc314a7a8d7a7e4e200
CoinMiner
error
CoinMiner
+ 166 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
defense_evasion discovery themida trojan
Link:
https://tria.ge/reports/250714-x2bnrawmw5/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Checks whether UAC is enabled
Checks BIOS information in registry
Deletes itself
Themida packer
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Suspicious use of NtCreateUserProcessOtherParentProcess
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/cc0b7222-230d-472c-8702-61822d71c53b
Unpacked files
SH256 hash:
8c4923f5e0b73bcf0b540e3f033cb21dd5ef91570430fa3fa36206673fb95e0c
MD5 hash:
97e1ed368f120531a91f8c98e29c80f6
SHA1 hash:
a3a4173d6492ce86c2afbce9c7d0b9dbd22e0a9e
Link:
https://www.unpac.me/results/ea8fcc1d-292f-4041-b062-1cb57b00c7c0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/8c4923f5e0b73bcf0b540e3f033cb21dd5ef91570430fa3fa36206673fb95e0c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_EXE_Packed_Themida
Create hunting rule
Author:ditekSHen
Description:Detects executables packed with Themida
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
Rule name:vmdetect
Create hunting rule
Author:nex
Description:Possibly employs anti-virtualization techniques

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CoinMiner

Executable exe 8c4923f5e0b73bcf0b540e3f033cb21dd5ef91570430fa3fa36206673fb95e0c

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/14310/
  
URLhaus
https://urlhaus.abuse.ch/url/3583313/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh

Comments