MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 90306e0e077ee4cddd2df457644fa24d5d81ec9fedbfa379bef88061ade4b25c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	90306e0e077ee4cddd2df457644fa24d5d81ec9fedbfa379bef88061ade4b25c
SHA3-384 hash:	a35b1260a7f1b0a99ce469f9b8e6f132359c4239b7e0dc676d98b4b33bcccea1f227c042630562a2b1d1728d6c4c7c8e
SHA1 hash:	37a79ad44ddbc3f867c60228eb07571545b33fac
MD5 hash:	b9f38ce6a68009d74c7012e38529e2b3
humanhash:	mockingbird-nebraska-coffee-ack
File name:	90306e0e077ee4cddd2df457644fa24d5d81ec9fedbfa379bef88061ade4b25c
Download:	download sample
File size:	11'249'943 bytes
First seen:	2020-11-10 06:40:08 UTC
Last seen:	2024-07-24 18:59:23 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f06dc709a5b17f58964c6e5478a768b5 (4 x CobaltStrike, 4 x Riskware.Generic, 1 x CoinMiner)
ssdeep	196608:lxUyrQxZ/xUPmjuDO1nBDqYS9XHTbYgwHEFoWAe:lqwQ1luDQejlTbKH4
Threatray	169 similar samples on MalwareBazaar
TLSH	BCB67D27F5E204FDC67FD17082979732BA31786942307BAB1B90DA752F12F906A2E714
Reporter	seifreed

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Pseudosigner-36

SecuriteInfo.com.Generic-EXE.UNOFFICIAL

Win.Trojan.CobaltStrike-8091534-0

Win.Tool.CobaltStrike-6336852-0

Win.Malware.Tofsee-6896728-0

Win.Malware.Tofsee-7057860-0

Win.Coinminer.Generic-7158858-0

Multios.Coinminer.Miner-6781728-2

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

DNS request

Creating a file

Sending a custom TCP request

Creating a file in the system32 subdirectories

Modifying an executable file

Connection attempt

Changing a file

Launching the default Windows debugger (dwwin.exe)

Creating a window

Sending a TCP request to an infection source

Infecting executable files

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/90306e0e077ee4cddd2df457644fa24d5d81ec9fedbfa379bef88061ade4b25c/

Threat name:

Win64.Trojan.CoinMiner

Status:

Malicious

First seen:

2020-11-10 06:42:05 UTC

AV detection:

26 of 29 (89.66%)

Threat level:

5/5

Verdict:

unknown

2ec0880418b3a5697ac69cecb0f194d2a6a2e5785f1dded079c5e12056d45c31

40060eb0d5e769d9a65987c9c1bace3525e0fe6b6ca0f1b5693b2ba4871d032b

474186239b198102d48b399c5f9336a63672c52af39ac35443e7c42078cbf778

6ee54c5576668d306e93e6c1e08c21a804eb0b52cd0fece6b8f2637f9738476b

a6716509395bbeb0b27d4f384927e7c5b3e75f9fa6e1def742340ab128c15a89

b9b5cce5bd4102fcd4fba76b5451eb649435f48e6a246ce8b91dc318a2e68c6d

bebb125456266d90678d0bb26ec95a812a96edd68523d41b00a7d7c9ead8a821

d263ca7460c0c002e23422c350e23bc02ced51761458bfed03f2941592d54436

eeefbf3fc5eaa2e8a586e76409ca853df354aaee653f6496bafc0f07629ce54d

+ 159 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

n/a

Link:

https://tria.ge/reports/201110-522l2drc7a/

Behaviour

Modifies Internet Explorer start page

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Program crash

Drops file in Program Files directory

Drops autorun.inf file

Drops desktop.ini file(s)

Legitimate hosting services abused for malware hosting/C2

Malware Config

C2 Extraction:

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample