MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be6928a5935f0b49ec86015be3f600a635d3aef55f602827a7104a661b13200a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CoinMiner


Vendor detections: 15


Intelligence 15 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: be6928a5935f0b49ec86015be3f600a635d3aef55f602827a7104a661b13200a
SHA3-384 hash: 04f4f7025794936db921e2913f33f5b124831c7e957ce0db7f2b075bd12d9b70e54b039020fdb808e8d628e4c3f78a00
SHA1 hash: 835d5d0cfd9c8f63a401457d24a8f1f04581f5b1
MD5 hash: d924a64a68fb15d9cb4210585b87d090
humanhash: steak-march-mississippi-river
File name:file
Download: download sample
Signature CoinMiner
Create hunting rule
File size:2'234'880 bytes
First seen:2025-12-29 01:52:21 UTC
Last seen:2025-12-29 03:22:46 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 02549ff92b49cce693542fc9afb10102 (88 x CoinMiner, 2 x CoinMiner.XMRig, 1 x AgentTesla)
ssdeep 49152:gBFrgKLwRGJyTcT83ezM4sLis7Wr6N7hnGeb/AdtuJQPKiX:YFhMGJyQTjfsirNeTUM
Threatray 441 similar samples on MalwareBazaar
TLSH T1FAA5336D7B0E0528D338B3F4623BA1229FA18C38CD59F1EF2B8C994610D661F5A35E57
TrID 55.6% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
16.9% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.9% (.ICL) Windows Icons Library (generic) (2059/9)
6.8% (.EXE) OS/2 Executable (generic) (2029/13)
6.7% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
Reporter Bitsight
Tags:CoinMiner dropped-by-amadey exe fbf543


Avatar
Bitsight
url: http://130.12.180.43/files/8278288380/Fn9aleP.exe

Intelligence

File Origin
# of uploads :
5
# of downloads :
111
Origin country :
US US
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
_be6928a5935f0b49ec86015be3f600a635d3aef55f602827a7104a661b13200a.exe
Verdict:
No threats detected
Analysis date:
2025-12-29 01:54:00 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/6ffa935e-d6c6-4f31-a7a0-d0f7ccd70410

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/46365/
Detection(s):
SecuriteInfo.com.Trojan.InjectNET.14.28415.8902.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6951df0a7468b4bd1c8e7fa4
Tags:
autorun shell crypt sage
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
crypt donut packed unsafe
Link:
https://www.filescan.io/uploads/6951df082fb7bb52ca804154/reports/9825d9ae-7a81-4215-aac2-5a76b440ac34/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/be6928a5935f0b49ec86015be3f600a635d3aef55f602827a7104a661b13200a
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-12-28T23:01:00Z UTC
Last seen:
2025-12-29T00:32:00Z UTC
Hits:
~100
Detections:
HEUR:Trojan.Win64.Donut.pef HEUR:Trojan.Win32.Generic Trojan.Win64.Inject.sb Trojan.Win64.DonutInjector.sb Trojan.Win64.Donut.sb Trojan.Win32.Inject.sb HEUR:Trojan.Win64.Inject.pef Trojan.Win32.Shellcode.sb HEUR:Trojan.Win64.DonutInjector.gen VHO:Trojan.Win64.Donut.gen RiskTool.BitCoinMiner.TCP.C&C RiskTool.Miner.UDP.C&C RiskTool.BitCoinMiner.UDP.C&C
Link:
https://opentip.kaspersky.com/be6928a5935f0b49ec86015be3f600a635d3aef55f602827a7104a661b13200a/results?tab=lookup
Malware family:
Donut Injector
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/70638ff5-80cf-45da-a90e-57a88b4f6fd0
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/be6928a5935f0b49ec86015be3f600a635d3aef55f602827a7104a661b13200a
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/d924a64a68fb15d9cb4210585b87d090
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/be6928a5935f0b49ec86015be3f600a635d3aef55f602827a7104a661b13200a/
Verdict:
Malicious
Threat:
Family.XMRIG
Link:
https://tip.neiki.dev/file/be6928a5935f0b49ec86015be3f600a635d3aef55f602827a7104a661b13200a
Threat name:
Win64.Trojan.Donut
Create hunting rule
Status:
Malicious
First seen:
2025-12-29 01:53:16 UTC
File Type:
PE+ (Exe)
AV detection:
18 of 24 (75.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xzusrjmtl4fut3egafn6h5qauy25hlxvl5qcqj5hcbfgmgyteafa._file
Verdict:
malicious
Label(s):
donutloader
Create hunting rule
Similar samples:
03d0098801bb4b1f4f82d7878f630e7788ecf21bc5289e15f7c72d0fb00b09e6
CoinMiner
2cfebb6da590b61b3513b3fd0a90c588f72f3c954f99285f48e784dd9a9effc6
CoinMiner
694d23c82bb2ef802432cce13808c97a6f571e95b8bef74d84bf31dd43e8c88a
CoinMiner
75a68ccf94d77bd6b321a5aac66a93cf16624da85e14bb16458559434992a0be
CoinMiner
aa3444054be8d8f795d96ee3cea05e8038293cb27c951b00d82d5033d3437539
CoinMiner
b32ca5f8d7dcf69823c317163ed43f7a8591958ffdf87434a508c9de60070ddf
CoinMiner
error
CoinMiner
f5057a913de757e04438630d32ded1ef85fb97ba417802ed326ed9da10a4b43f
CoinMiner
fe55e4f54a33e553a9e20dd0f3cae2f1463f7aaf8a7fe6409c6f1aab95fb8fe0
CoinMiner
+ 431 additional samples on MalwareBazaar
Result
Malware family:
xmrig
Create hunting rule
Score:
  10/10
Tags:
family:xmrig execution miner persistence
Link:
https://tria.ge/reports/251229-ca3b6scq5v/
Behaviour
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Suspicious use of SetThreadContext
Executes dropped EXE
XMRig Miner payload
Xmrig family
xmrig
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/083c8a41-d756-44c4-9e1d-85a3718ea7ec
Unpacked files
SH256 hash:
be6928a5935f0b49ec86015be3f600a635d3aef55f602827a7104a661b13200a
MD5 hash:
d924a64a68fb15d9cb4210585b87d090
SHA1 hash:
835d5d0cfd9c8f63a401457d24a8f1f04581f5b1
Link:
https://www.unpac.me/results/a30665e0-9f35-4645-92c1-0ca316da7088/
Malware family:
XMRig
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/be6928a5935f/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.70
Link:
https://yomi.yoroi.company/submissions/be6928a5935f0b49ec86015be3f600a635d3aef55f602827a7104a661b13200a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CoinMiner

Executable exe be6928a5935f0b49ec86015be3f600a635d3aef55f602827a7104a661b13200a

(this sample)

  
Dropped by
Amadey
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3745581/
Cape
Cape
https://www.capesandbox.com/analysis/46365/

Comments