MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bde1275ab6b4bbc22a323c9735cb678e039f3b3504613ab27225664dd91c5632. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	bde1275ab6b4bbc22a323c9735cb678e039f3b3504613ab27225664dd91c5632
SHA3-384 hash:	f4917edaa2982e5e41f5b30fea46c5d4b751fc3415fc4f3c468098d36d3dd9a0fb744bc7895e9d9484dc36066a37a96b
SHA1 hash:	d56ca3d47bd7d7ee35978b4ad9aeed27b83c544c
MD5 hash:	c455fe7f8a40d34f63198791fe9ffaa7
humanhash:	harry-one-magazine-texas
File name:	bde1275ab6b4bbc22a323c9735cb678e039f3b3504613ab27225664dd91c5632
Download:	download sample
File size:	11'584'792 bytes
First seen:	2020-11-10 09:08:23 UTC
Last seen:	2024-07-24 20:59:46 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f06dc709a5b17f58964c6e5478a768b5 (4 x CobaltStrike, 4 x Riskware.Generic, 1 x CoinMiner)
ssdeep	196608:xUaziVRVLNyr/AuDbxsLis3cPzcnwkiwHEFoWoR:x9WVdNuD2lsAnw8HX
Threatray	168 similar samples on MalwareBazaar
TLSH	20C67D27F5E204FDC67FD17082979732BA31786942307BAB1B90DA752F12F906A2E714
Reporter	seifreed

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Pseudosigner-36

SecuriteInfo.com.Generic-EXE.UNOFFICIAL

Win.Trojan.CobaltStrike-8091534-0

Win.Tool.CobaltStrike-6336852-0

Win.Malware.Tofsee-6896728-0

Win.Malware.Tofsee-7057860-0

Win.Coinminer.Generic-7158858-0

Multios.Coinminer.Miner-6781728-2

Result

Verdict:

Malware

Maliciousness:

Behaviour

DNS request

Sending a custom TCP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bde1275ab6b4bbc22a323c9735cb678e039f3b3504613ab27225664dd91c5632/

Threat name:

Win64.Trojan.CoinMiner

Status:

Malicious

First seen:

2020-11-10 09:10:11 UTC

AV detection:

26 of 29 (89.66%)

Threat level:

5/5

Verdict:

unknown

28077a71b3aff9c96a58949ab21b2c9494ff76bbe29ea5df497fa9e2fc26b5a0

2ec0880418b3a5697ac69cecb0f194d2a6a2e5785f1dded079c5e12056d45c31

474186239b198102d48b399c5f9336a63672c52af39ac35443e7c42078cbf778

6ee54c5576668d306e93e6c1e08c21a804eb0b52cd0fece6b8f2637f9738476b

8404922269db9017b6d8834f7043cfc75df0b321b3cd3e5e385a9a811a59819c

85a588bc7e92b4e3a32b439477d47a54da61a22f9bb333e4257966ae291d383a

c7fdc6e8e80f30dc2855d60f22e5a18ee5a42dcb66f482e2bbc0e0d916bf75f2

e36f3a7871e2b5056d56a65c212819d56fa723c8cc96e0c83e8270a205c3321f

eeefbf3fc5eaa2e8a586e76409ca853df354aaee653f6496bafc0f07629ce54d

+ 158 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike

Link:

https://tria.ge/reports/201110-41egcc9g6e/

Behaviour

Modifies system certificate store

Malware Config

C2 Extraction:

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Unpacked files

SH256 hash:

bde1275ab6b4bbc22a323c9735cb678e039f3b3504613ab27225664dd91c5632

MD5 hash:

c455fe7f8a40d34f63198791fe9ffaa7

SHA1 hash:

d56ca3d47bd7d7ee35978b4ad9aeed27b83c544c

Link:

https://www.unpac.me/results/fe9c4872-1b88-4c82-874c-fe83b8e2ee24/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample