MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b23bd81419228f9009e9ba32cafac9151a644a66aefc6fa87a2751c10770e000. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CoinMiner


Vendor detections: 4



SHA256 hash: b23bd81419228f9009e9ba32cafac9151a644a66aefc6fa87a2751c10770e000
SHA3-384 hash: fb0e2281c1c9149cf9e442730931f53249d640e6b01b46075e8896ab4f22825248c5127c2aecaa21319c3b27f48b5004
SHA1 hash: 913da28f7ee51be3cbfa6f3f70d7fe4548846973
MD5 hash: a2824b6d5cc7cec12736da0663e5045e
humanhash: idaho-mars-sink-harry
File name: b23bd81419228f9009e9ba32cafac9151a644a66aefc6fa87a2751c10770e000
Signature: CoinMiner
File size: 403'963 bytes
First seen: 2020-03-23 18:48:33 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 335172068aa2111ea57057a8ab38eb5e (1 x CoinMiner)
ssdeep: 12288:rUx4tX48+uzYEsqd3y9g1wmhfx2lH0doE2t:g4nBvd3cvsslU6P
Threatray: 62 similar samples on MalwareBazaar
TLSH: A58423F1E32210F1DA58E17219EFD991D6823DC077BAAF498CD4797B28830863E5DCA5
Reporter: Marco_Ramilli
Tags: CoinMiner exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 456
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Scar
Status: Malicious
First seen: 2020-02-18 07:14:00 UTC
AV detection: 24 of 31 (77.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
WIN_BASE_API | Uses Win Base API | KERNEL32.DLL::LoadLibraryA
