MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 944b430ea906d74d8d8a8d2d487696f48e5d427e3ae8ee493dddebb3660ae766. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CoinMiner


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 944b430ea906d74d8d8a8d2d487696f48e5d427e3ae8ee493dddebb3660ae766
SHA3-384 hash: 39f6300d44ef0dc900b8ceac32cf993abe45fa109c8119f82952ea90e58e6c68a9eeeff1209e6a495d6572c158bcf9be
SHA1 hash: 98d818582766fef6f8bea7e3caf5882b963ef7a4
MD5 hash: e1e9d174eea2863be070d12f10b1eaae
humanhash: oregon-xray-nevada-golf
File name:e1e9d174eea2863be070d12f10b1eaae.exe
Download: download sample
Signature CoinMiner
Create hunting rule
File size:2'843'136 bytes
First seen:2022-02-03 14:46:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2a2a662be9dffc461398e7c94d0b55b4 (5 x GuLoader, 3 x CoinMiner, 3 x RedLineStealer)
ssdeep 49152:xQJuPSzoVeV3vXmIQZasaRXnTsFaDhBauVAbSvrl206H0ybh:4u63V3vXHQZaXRnRDyGAuTwvUybh
Threatray 486 similar samples on MalwareBazaar
TLSH T18BD522D2421B9365C7E515E4C2BA671B8CB8CC2EA707E631E605FE5796E002EDF30B58
Reporter abuse_ch
Tags:CoinMiner exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
217
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/232280/
Detection(s):
SecuriteInfo.com.Variant.Razy.786642.7315.30944.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Running batch commands
Creating a file
Creating a process from a recently created file
Creating a window
Сreating synchronization primitives
Searching for synchronization primitives
DNS request
Sending a custom TCP request
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/5878/overview
Behaviour
MalwareBazaar
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/61fc3169a0f6a794b33693f0/reports/87274d1a-3e41-4b40-ae37-9b02ea3ae64d/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/10aba10d-c986-4497-b4f1-503194b5fdac
Result
Threat name:
BitCoin Miner SilentXMRMiner Xmrig
Create hunting rule
Detection:
malicious
Classification:
evad.mine
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/933451
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/944b430ea906d74d8d8a8d2d487696f48e5d427e3ae8ee493dddebb3660ae766/
Threat name:
Win32.Trojan.Tnega
Create hunting rule
Status:
Malicious
First seen:
2022-02-01 16:23:14 UTC
File Type:
PE (Exe)
AV detection:
26 of 43 (60.47%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
18205615390b3e8e007e8c0d7016978c268697f39ad0f7f2f441fedaf1c01237
CoinMiner
1f3246dd99e2f38b68b94c56fc44ac8994eb924e8526d395dcdfb7a9fd34da91
CoinMiner
41e99d281f1093e49ef23383633e481b3a18afd2386f94371fb215dec16ba2a0
CoinMiner
48eee6e4eedb7291e09cd68d3ff4f1608df7fb538be806d785a4e99cb77a9da2
CoinMiner
6d0de7ddeedf4343e85fabcfd6457fbd7ea9b42dac7aab6fadc2bab19c4e0e2a
CoinMiner
752e7330e3a78a5f97d052bbaad3b72803b4f9d21fe3b90f6619422dbcfe6fac
CoinMiner
914cd602a58f69dd35dd207d8128807926a139f27f4d8b7b2b958041783bc10c
CoinMiner
9ba99ef6e07d224b950b451c6e414e9c12ef7429d8e59d5cd841ffbc3c5369ec
CoinMiner
ba7a55b17174de39cb44b553a52de3d0b3c979d37104a5ad1580cb97a8acc800
CoinMiner
ee31b5f97e35ab401e74ad66f1d39479fb6bdefa3018dee605cfc6bd76bc1c46
CoinMiner
+ 476 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220203-r5wv7saeh4/
Behaviour
Creates scheduled task(s)
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
944b430ea906d74d8d8a8d2d487696f48e5d427e3ae8ee493dddebb3660ae766
MD5 hash:
e1e9d174eea2863be070d12f10b1eaae
SHA1 hash:
98d818582766fef6f8bea7e3caf5882b963ef7a4
Link:
https://www.unpac.me/results/6ff06416-199f-4d82-83e0-57f1df53a3f0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/944b430ea906d74d8d8a8d2d487696f48e5d427e3ae8ee493dddebb3660ae766

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CoinMiner

Executable exe 944b430ea906d74d8d8a8d2d487696f48e5d427e3ae8ee493dddebb3660ae766

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2026331/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/232280/

Comments