MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b8165278102ec98fd56ba16c78ab2b3da0e9a695ea06992e1563c87b62c2ca89. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CoinMiner


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b8165278102ec98fd56ba16c78ab2b3da0e9a695ea06992e1563c87b62c2ca89
SHA3-384 hash: 7567ef04aa7f06feb73af9be2b43659604f8b645d61345401c6b5758918debd1072058810e6ff9baaef361c9f37d2012
SHA1 hash: 4e63ded6779824c92fc0a6baf1d96e76e0607c94
MD5 hash: 9e3966cc99ff188a49060da5a8919b11
humanhash: yankee-queen-carolina-chicken
File name:9e3966cc99ff188a49060da5a8919b11
Download: download sample
Signature CoinMiner
Create hunting rule
File size:5'054'976 bytes
First seen:2022-11-01 18:24:45 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 24576:4irF4pInS8UuUx1DC+WjHso5vSRYN4QM2exPIIC6o5VWQ0tIM3F44oHxKy/zb1CP:V3
Threatray 8'388 similar samples on MalwareBazaar
TLSH T14C3666F4A0AB4091F14BCD911978F9A505B630E3EDCA0879032EB644DFBFE953E4895E
TrID 63.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon 70c8f0e8f0e8e871 (1 x RecordBreaker, 1 x CoinMiner)
Reporter zbetcheckin
Tags:CoinMiner exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
342
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
9e3966cc99ff188a49060da5a8919b11
Verdict:
No threats detected
Analysis date:
2022-11-01 18:25:14 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/36bd13ed-a645-4c45-8d05-cf451f947fa6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/326868/
Detection(s):
SecuriteInfo.com.PUA.EmbeddedEXE-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Сreating synchronization primitives
Launching a process
Creating a process with a hidden window
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
dcrat
Link:
https://www.filescan.io/uploads/63616483ce1f43143c2a5516/reports/27602832-e9cf-4bc1-b126-90e57b47819b/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/42ae5f6d-1aaa-462b-938f-daf5653c342b
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1102703
Signature
Encrypted powershell cmdline option found
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 735364 Sample: FtRdA3EoRa.exe Startdate: 01/11/2022 Architecture: WINDOWS Score: 56 14 Multi AV Scanner detection for submitted file 2->14 16 Machine Learning detection for sample 2->16 7 FtRdA3EoRa.exe 1 2->7         started        process3 signatures4 18 Encrypted powershell cmdline option found 7->18 10 powershell.exe 14 7->10         started        process5 process6 12 conhost.exe 10->12         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b8165278102ec98fd56ba16c78ab2b3da0e9a695ea06992e1563c87b62c2ca89/
Threat name:
ByteCode-MSIL.Backdoor.DcRat
Create hunting rule
Status:
Malicious
First seen:
2022-11-01 02:20:41 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
13
AV detection:
15 of 26 (57.69%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xalfe6aqf3ey7vllufwhrkzlhwqotjuv5idjslqvmpehwywczkeq._file
Verdict:
malicious
Label(s):
masslogger
Create hunting rule
Similar samples:
044c8b955c03ef43c71d8599bb519dfb4c08d0dc713ebff668d617d95a2ed1fa
CoinMiner
283edc44cafd6523d5cf5ded1106908a9aabc8957ac6ef570a7a01fe60cde540
CoinMiner
28c7622610b984e235d5413c30e6ad570d25a99b148e36d162bfd9c60dcfdade
CoinMiner
4b6d9156081ce2b9cc4818f5b03e347c0965f874929f03e427c0407a51f12eb3
CoinMiner
57ade73fa55896090db5172300e4bfbd2667547843c6e278db4b16ad7cec4f15
CoinMiner
63817b66af367d99670cfca41e202771396a759aa78b62b08dcbf80eebd63217
CoinMiner
6d5486d773d521ca26d1e092dc07f044ab75d0fa303780ef2216b443c1897c93
CoinMiner
c76e81b63d6f8ab38432243d8043631d3b58495f31c86f4ab529f6948405d9d2
CoinMiner
+ 8'378 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/221101-w2l9taebe6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in System32 directory
Suspicious use of SetThreadContext
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/deeed5ee-d287-408b-8ca4-1b82ee363d71
Unpacked files
SH256 hash:
b8165278102ec98fd56ba16c78ab2b3da0e9a695ea06992e1563c87b62c2ca89
MD5 hash:
9e3966cc99ff188a49060da5a8919b11
SHA1 hash:
4e63ded6779824c92fc0a6baf1d96e76e0607c94
Link:
https://www.unpac.me/results/877693a3-bcfc-401d-924b-a60638a46382/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/b8165278102e/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.51
Link:
https://yomi.yoroi.company/submissions/b8165278102ec98fd56ba16c78ab2b3da0e9a695ea06992e1563c87b62c2ca89

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CoinMiner

Executable exe b8165278102ec98fd56ba16c78ab2b3da0e9a695ea06992e1563c87b62c2ca89

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/326868/
  
URLhaus
https://urlhaus.abuse.ch/url/2395179/

Comments


Avatar
zbet commented on 2022-11-01 18:24:58 UTC

url : hxxp://5.206.227.167/hivviqoz/Emit.exe