MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b9a709b96773c52bfc9999b90ed2e575eb856ce0ca2b15396b4d9b23b8477e83. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CoinMiner


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b9a709b96773c52bfc9999b90ed2e575eb856ce0ca2b15396b4d9b23b8477e83
SHA3-384 hash: 3e8e541fc3e71ca160a66749eb1c2ec13d4e3db9dfb38f23a9459aacc67b2ddf950f55945c202edb3a7f1ef84e797fdd
SHA1 hash: 94bd126681f6bee5d821977a5fa6c890c09e81db
MD5 hash: e5eef74be517de807cf780bf2b5dc73d
humanhash: glucose-arkansas-dakota-nineteen
File name:file
Download: download sample
Signature CoinMiner
Create hunting rule
File size:49'664 bytes
First seen:2025-10-31 11:25:57 UTC
Last seen:2025-10-31 11:30:58 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f9ade0aa18f660a34a4fa23392e21838 (9 x DarkSide, 3 x BazaLoader, 2 x ShikataGaNai)
ssdeep 1536:G7MB4d+0b0TjMNxt62MiRF/64Shacxm5btxe:6MB4BujMNxt62MiRQEyum
TLSH T130236286F7DB20F9D072E035EA822239F1B57C584B748BF75A415E660AA3BE4743B305
TrID 38.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
15.6% (.ICL) Windows Icons Library (generic) (2059/9)
15.4% (.EXE) OS/2 Executable (generic) (2029/13)
15.2% (.EXE) Generic Win/DOS Executable (2002/3)
15.2% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter Bitsight
Tags:CoinMiner dropped-by-amadey exe fbf543


Avatar
Bitsight
url: http://178.16.55.189/files/6500939825/vXghRBb.exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
127
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
No threats detected
Analysis date:
2025-10-31 11:27:05 UTC
Tags:
auto-reg
Link:
https://app.any.run/tasks/ac077dee-c184-486a-8b1e-16908b3078ab

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/34894/
Verdict:
Clean
Score:
84.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69049cd69942f1282ecad8b5
Tags:
n/a
Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Connection attempt
Sending a custom TCP request
DNS request
Launching the default Windows debugger (dwwin.exe)
Unauthorized injection to a system process
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Link:
https://www.hybrid-analysis.com/sample/b9a709b96773c52bfc9999b90ed2e575eb856ce0ca2b15396b4d9b23b8477e83
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-10-31T08:53:00Z UTC
Last seen:
2025-11-01T12:30:00Z UTC
Hits:
~10
Detections:
Trojan-Dropper.Win32.Agent.tkddru PDM:Trojan.Win32.Generic
Link:
https://opentip.kaspersky.com/b9a709b96773c52bfc9999b90ed2e575eb856ce0ca2b15396b4d9b23b8477e83/results?tab=lookup
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/4f4599e2-5339-4b34-aefe-478cda892ee1
Score:
98%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/b9a709b96773c52bfc9999b90ed2e575eb856ce0ca2b15396b4d9b23b8477e83
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/e5eef74be517de807cf780bf2b5dc73d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b9a709b96773c52bfc9999b90ed2e575eb856ce0ca2b15396b4d9b23b8477e83/
Verdict:
Malicious
Threat:
Win64.Malware.Heuristic
Link:
https://tip.neiki.dev/file/b9a709b96773c52bfc9999b90ed2e575eb856ce0ca2b15396b4d9b23b8477e83
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-10-31 11:27:24 UTC
File Type:
PE+ (Exe)
AV detection:
17 of 37 (45.95%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xgtqtolhopcsx7eztg4q5uxfoxvyk3hazivrkolljwnshochp2bq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/251031-nj43xaymbt/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Checks computer location settings
Unpacked files
SH256 hash:
b9a709b96773c52bfc9999b90ed2e575eb856ce0ca2b15396b4d9b23b8477e83
MD5 hash:
e5eef74be517de807cf780bf2b5dc73d
SHA1 hash:
94bd126681f6bee5d821977a5fa6c890c09e81db
Link:
https://www.unpac.me/results/9426c4cd-49d7-4027-9985-30c0612b2c69/
Malware family:
XMRig
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/b9a709b96773/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.14
Link:
https://yomi.yoroi.company/submissions/b9a709b96773c52bfc9999b90ed2e575eb856ce0ca2b15396b4d9b23b8477e83

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CoinMiner

Executable exe b9a709b96773c52bfc9999b90ed2e575eb856ce0ca2b15396b4d9b23b8477e83

(this sample)

  
Dropped by
Amadey
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3691888/
Cape
Cape
https://www.capesandbox.com/analysis/34894/

Comments