MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bec2c4c72b0297624093232878a45e9f5e467a9f838268a4403bc9416bde8189. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CoinMiner


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bec2c4c72b0297624093232878a45e9f5e467a9f838268a4403bc9416bde8189
SHA3-384 hash: 34d073222223dcddc5c3a32f985f251380b81da0a0d4613d6a9f19a87a3d8b4b11e5c7773306b2ca958fad18e28c0266
SHA1 hash: 27f6baaa5688a72bcfcf889a7aeb1eb6ddb7392c
MD5 hash: b9c9b95e820d609361e82aea158dc7ff
humanhash: oklahoma-sierra-december-foxtrot
File name:b9c9b95e820d609361e82aea158dc7ff
Download: download sample
Signature CoinMiner
Create hunting rule
File size:487'424 bytes
First seen:2022-11-01 04:01:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:FXcG8blRnQFS0PH5us4fEFwJ0oCVNoJhoq+D7BhfVms:dnFBH58UqqoPo
Threatray 2'354 similar samples on MalwareBazaar
TLSH T121A42311EB143E66D9047E3BF8F3039B281E87FDAD05F444B4D2A994AFA216ED4C0E60
TrID 63.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon 29e72aa2471b0d64 (1 x CoinMiner)
Reporter zbetcheckin
Tags:CoinMiner exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
250
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
b9c9b95e820d609361e82aea158dc7ff
Verdict:
No threats detected
Analysis date:
2022-11-01 04:03:27 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/c242e514-7cfa-4fc8-add9-393593d9b561

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/326653/
Detection(s):
SecuriteInfo.com.Trojan.MulDrop21.5206.11064.20623.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a file in the %AppData% directory
Creating a file
Creating a process from a recently created file
Using the Windows Management Instrumentation requests
Creating a window
Enabling autorun by creating a file
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/63609a3c9eb103bc04e52126/reports/d48b2890-fe22-439c-9f80-f33a281b6982/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/cae06899-dd45-45e8-8040-8d4bb60dba19
Result
Threat name:
Xmrig
Create hunting rule
Detection:
malicious
Classification:
evad.mine
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1102226
Signature
.NET source code contains potential unpacker
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Antivirus detection for URL or domain
Found strings related to Crypto-Mining
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Yara detected Costura Assembly Loader
Yara detected Xmrig cryptocurrency miner
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bec2c4c72b0297624093232878a45e9f5e467a9f838268a4403bc9416bde8189/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-10-26 20:16:27 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
6
AV detection:
25 of 41 (60.98%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x3bmjrzlaklweqetemuhrjc6t5pem6u7qobgrjcahpeuc266qgeq._file
Verdict:
malicious
Label(s):
asyncrat
Create hunting rule
Similar samples:
2a97eefb81b0234328c6d859fdc1c1177d4850691d31162c8c5708e94a452138
CoinMiner
b2e31ed9833299ec3c166877db92ff5d477858f5867ca5494b26a82558e4616e
CoinMiner
b8779766207a8d95a61e66235379705446b34f7c66eab6a4d763321f4597eece
CoinMiner
d57321805b57d9a004d652b7d8b00d9045d6940800653374e2a47c7dad2e9196
CoinMiner
d5d8501413231217f31c6b614fbc4e5cba5ba8cabb6da772e5ed82e484238088
CoinMiner
de41596200eab56b30eddafa626ae24de9cf7ee54e0c2c35be0554af08207a63
CoinMiner
f15bf4c786172149ed0b9e57b08c695b01095b9167de714ea61768f021ae9ff0
CoinMiner
fa8d8657315c0ff3057652f4b34194de08fa9d2ff3028ad2043b53c551851358
CoinMiner
+ 2'344 additional samples on MalwareBazaar
Result
Malware family:
xmrig
Create hunting rule
Score:
  10/10
Tags:
family:xmrig miner
Link:
https://tria.ge/reports/221101-elsm8afgg6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Loads dropped DLL
Executes dropped EXE
XMRig Miner payload
xmrig
Unpacked files
SH256 hash:
bec2c4c72b0297624093232878a45e9f5e467a9f838268a4403bc9416bde8189
MD5 hash:
b9c9b95e820d609361e82aea158dc7ff
SHA1 hash:
27f6baaa5688a72bcfcf889a7aeb1eb6ddb7392c
Link:
https://www.unpac.me/results/79889ddb-5c93-4bc7-afe9-e48dbb0ac022/
Malware family:
XMRig
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/bec2c4c72b02/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.50
Link:
https://yomi.yoroi.company/submissions/bec2c4c72b0297624093232878a45e9f5e467a9f838268a4403bc9416bde8189

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CoinMiner

Executable exe bec2c4c72b0297624093232878a45e9f5e467a9f838268a4403bc9416bde8189

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2393246/
Cape
Cape
https://www.capesandbox.com/analysis/326653/

Comments


Avatar
zbet commented on 2022-11-01 04:01:18 UTC

url : hxxp://79.110.62.23/persis.exe