MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a42f294adc0ab6382f374ae7f2792a83f37ef79d149deed12c3bb9feeba7b8be. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CoinMiner


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a42f294adc0ab6382f374ae7f2792a83f37ef79d149deed12c3bb9feeba7b8be
SHA3-384 hash: 6a06ea5a3127f1a0191078a1f624391a4f08cf3d336c7f0217fc1839b5c8dfe856d9ff4c2d400aca8ea813fc8724eab4
SHA1 hash: b04b4afeb65f9b161886025ebc01b3043f0d3303
MD5 hash: 31475e9afdd7c8effe32efa217120b30
humanhash: pizza-nebraska-fruit-bravo
File name:31475e9afdd7c8effe32efa217120b30
Download: download sample
Signature CoinMiner
Create hunting rule
File size:657'408 bytes
First seen:2021-10-10 02:47:08 UTC
Last seen:2021-10-10 03:41:38 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:TWZWXYUQYtNrXwQcpP289FbX1LblEo9LSfYMFj6IRJVdTK:TWUoUrrJIBFbxmo9LQjvTK
TLSH T1A2E4F195B50439DFC857C4B2CDB95C20AB707C3A831F4203A05732AD9A7EA87EF655B2
File icon (PE):PE icon
dhash icon b270e9f8e8e8e060 (1 x CoinMiner)
Reporter zbetcheckin
Tags:CoinMiner exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
334
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
31475e9afdd7c8effe32efa217120b30
Verdict:
No threats detected
Analysis date:
2021-10-10 02:49:24 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/9f5003af-3875-4629-a07a-ec53bc841ddf

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/196351/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.37747324.21567.10290.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Enabling the 'hidden' option for recently created files
Using the Windows Management Instrumentation requests
Connection attempt
Sending a custom TCP request
Creating a window
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
67%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/616254641c2d58ba74fe71ba/reports/848b760c-bd6c-469e-8955-760c6a53e72a/overview
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a42f294adc0ab6382f374ae7f2792a83f37ef79d149deed12c3bb9feeba7b8be/
Threat name:
ByteCode-MSIL.Infostealer.Reline
Create hunting rule
Status:
Malicious
First seen:
2021-10-07 14:12:31 UTC
AV detection:
17 of 45 (37.78%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=uqxsssw4bk3dqlzxjlt7e6jkqpzx5545cso65ujmho47525hxc7a._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  9/10
Tags:
persistence vmprotect
Link:
https://tria.ge/reports/211010-dafnvafee3/
Behaviour
Delays execution with timeout.exe
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Adds Run key to start application
Downloads MZ/PE file
Executes dropped EXE
VMProtect packed file
Core1 .NET packer
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a42f294adc0ab6382f374ae7f2792a83f37ef79d149deed12c3bb9feeba7b8be

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CoinMiner

Executable exe a42f294adc0ab6382f374ae7f2792a83f37ef79d149deed12c3bb9feeba7b8be

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1662864/
Cape
Cape
https://www.capesandbox.com/analysis/196351/
  
URLhaus
https://urlhaus.abuse.ch/url/1662869/

Comments


Avatar
zbet commented on 2021-10-10 02:47:10 UTC

url : hxxp://194.76.225.101/telegram.exe