MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b98ef2a4506f6ce2d11da7283afbb0eb9bbc49c4ba110cce33eb344c1f975f7b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: b98ef2a4506f6ce2d11da7283afbb0eb9bbc49c4ba110cce33eb344c1f975f7b
SHA3-384 hash: 6a6bd46804118fe56d11f38859daae3b494f5e3e0371dd0b1dc0c2cdd81864e6b27be6c6a21fdb25e0dfcdc791830a6c
SHA1 hash: 8fdb245961a9d0227ab21391b83baec3372f01ea
MD5 hash: fa3fa3002ecb4d3c772ab5e489d51b47
humanhash: spaghetti-tango-seventeen-aspen
File name: b98ef2a4506f6ce2d11da7283afbb0eb9bbc49c4ba110cce33eb344c1f975f7b
File size: 1'940'518 bytes
First seen: 2020-11-07 19:30:42 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e4290fa6afc89d56616f34ebbd0b1f2c (50 x CoinMiner)
ssdeep: 49152:Lz071uv4BkMkibTIA5I4TNrpDGKerW6weO1:NABn
Threatray: 104 similar samples on MalwareBazaar
TLSH: E79533624E282C3DC7BC163C287D0F5BA290CA5514048DF8D7FB54877A9DBB9281FA5E
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the Windows subdirectories
Launching a process
Creating a process from a recently created file
Creating a window
Connection attempt
Threat name: Win64.Trojan.CoinMiner
Status: Malicious
First seen: 2020-11-07 19:39:38 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Drops file in Windows directory
Loads dropped DLL
Executes dropped EXE
UPX packed file
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
