MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab8f396f283018a65174d5975d1213da5632fecfc35c6f9c95ce0ebb33499219. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


PureMiner


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ab8f396f283018a65174d5975d1213da5632fecfc35c6f9c95ce0ebb33499219
SHA3-384 hash: 5c48b2bab2e4c5f91077b67ea88e1d64c2bd3b670e1550526229b7e3279ab91772533d099bffaab944aff79067be3ecc
SHA1 hash: ce07312fd3f2460298023dfad0855f8be954cddd
MD5 hash: 2d12cfb0ba208f6cf985f1b319f9947e
humanhash: steak-triple-echo-carbon
File name:2d12cfb0ba208f6cf985f1b319f9947e.exe
Download: download sample
Signature PureMiner
Create hunting rule
File size:74'752 bytes
First seen:2022-10-06 11:36:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 1536:u8QcMpP9uCg6QJvRcw4KP+ldM3C3f9GxZO5z2B8GFESo:u8Q5pV9QAM6kxk
Threatray 2'492 similar samples on MalwareBazaar
TLSH T1ED73BF52E51CD726EC258E3DC5BA9DCA41F39DE2DC90664F38A47A862D33317DA32702
TrID 56.4% (.EXE) Win64 Executable (generic) (10523/12/4)
11.1% (.EXE) Win16/32 Executable Delphi generic (2072/23)
10.8% (.EXE) OS/2 Executable (generic) (2029/13)
10.7% (.EXE) Generic Win/DOS Executable (2002/3)
10.7% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon cc0f33313333ccd4 (4 x AsyncRAT, 1 x RemcosRAT, 1 x PureMiner)
Reporter abuse_ch
Tags:exe PureMiner

Intelligence

File Origin
# of uploads :
1
# of downloads :
221
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
ab8f396f283018a65174d5975d1213da5632fecfc35c6f9c95ce0ebb33499219.zip
Verdict:
No threats detected
Analysis date:
2022-10-06 16:57:41 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/01fe7f89-659a-4d21-8555-8af6a6a2c987

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/317284/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.62547045.7051.17528.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Сreating synchronization primitives
DNS request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/633ebddec9e2f3435432ecae/reports/980759d7-263c-45c3-8c2e-1e6c409802c1/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/566936af-5e0d-449e-9982-3f2881191078
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1084899
Signature
.NET source code contains potential unpacker
Antivirus detection for URL or domain
Encrypted powershell cmdline option found
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Costura Assembly Loader
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 717458 Sample: F4CtQw4O8m.exe Startdate: 06/10/2022 Architecture: WINDOWS Score: 88 21 Snort IDS alert for network traffic 2->21 23 Multi AV Scanner detection for domain / URL 2->23 25 Antivirus detection for URL or domain 2->25 27 4 other signatures 2->27 7 F4CtQw4O8m.exe 14 3 2->7         started        process3 dnsIp4 19 194.38.23.170, 49700, 80 PRAID-ASRU Ukraine 7->19 29 Encrypted powershell cmdline option found 7->29 11 powershell.exe 16 7->11         started        13 powershell.exe 9 7->13         started        signatures5 process6 process7 15 conhost.exe 11->15         started        17 conhost.exe 13->17         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ab8f396f283018a65174d5975d1213da5632fecfc35c6f9c95ce0ebb33499219/
Threat name:
ByteCode-MSIL.Trojan.Injuke
Create hunting rule
Status:
Malicious
First seen:
2022-10-05 20:26:39 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
10
AV detection:
9 of 40 (22.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vohts3zigamkmulu2wlv2eqt3jldf7wpynog7hevzyhlwm2jsimq._file
Verdict:
malicious
Label(s):
asyncrat
Create hunting rule
Similar samples:
07f2d4559c633807609f3169ccbc9bfa83d68791984cd52d519a46a738a676d1
PureMiner
250aff2c3a55a4d8ad9a091d1794ae9717f6a6d4e00c0e8be853cbca5d4681a3
PureMiner
3852b464e5ee957cb10980de453b0813036c06c0fb6157ba236b895870d67e82
PureMiner
4ff17757e7b6d0d9abea660efaf9efeb28ee85f5d2841fe27321588dc74a7e69
PureMiner
599fa7fc07b1b8265ea936ce641733fcec03eb0fe8cc4822e5a752b6629e216e
PureMiner
9b87dd13acebc8cf91c43f02433aaaa48f902b43b57379d27a8bf7886c40e0f6
PureMiner
d8b8f7d0334857a3749963c08491c155c6743af96f8ad779101060ff71a9eca3
PureMiner
e786277086340b57fe809a77cf9ccf0637c59d049abd8b54588fc6193dd2bdf8
PureMiner
e8b057817c2bbda7191f4b4e53b913caff6f2cbda1a0cbf68f32e2f4d45f1c42
PureMiner
fa8d8657315c0ff3057652f4b34194de08fa9d2ff3028ad2043b53c551851358
PureMiner
+ 2'482 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/221006-nq5ysahdhj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in System32 directory
Suspicious use of SetThreadContext
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/06e745e7-45f2-4279-a427-b0fd9e4514e7
Unpacked files
SH256 hash:
ab8f396f283018a65174d5975d1213da5632fecfc35c6f9c95ce0ebb33499219
MD5 hash:
2d12cfb0ba208f6cf985f1b319f9947e
SHA1 hash:
ce07312fd3f2460298023dfad0855f8be954cddd
Link:
https://www.unpac.me/results/9e525725-ccd0-4d03-a07d-13d20c5864ff/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/ab8f396f2830/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.60
Link:
https://yomi.yoroi.company/submissions/ab8f396f283018a65174d5975d1213da5632fecfc35c6f9c95ce0ebb33499219

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

PureMiner

Executable exe ab8f396f283018a65174d5975d1213da5632fecfc35c6f9c95ce0ebb33499219

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2307201/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/317284/

Comments