MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 beeef3cfbb7ab4c32e924c51fb53782fa6b1994c0456e22d3216318791006398. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: beeef3cfbb7ab4c32e924c51fb53782fa6b1994c0456e22d3216318791006398
SHA3-384 hash: 7bea4a5b0a8e23aa910cca51b875bda7299c6e11d7e86dcb0d12741c6b609faca26b9f0a1f354254a92dbfd08916d008
SHA1 hash: 0fa3b9228cdb7e2dea2f7b0ca40eda0236758ca0
MD5 hash: 5c03fbc61ceac97307fa8f57c620f7aa
humanhash: ten-hot-hotel-wisconsin
File name:beeef3cfbb7ab4c32e924c51fb53782fa6b1994c0456e22d3216318791006398
Download: download sample
File size:1'099'768 bytes
First seen:2020-11-07 19:29:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e4290fa6afc89d56616f34ebbd0b1f2c (50 x CoinMiner)
ssdeep 24576:JanwhSe11QSONCpGJCjETPlbC78XCejaX29t:knw9oUUEEDlbUrM3t
Threatray 109 similar samples on MalwareBazaar
TLSH D73522A1BA5AEC9DF6603038504C2938CB4ED1F9B54818316E6D0BDE3999A54FEB701F
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Eati-7331431-0
Create hunting rule

Win.Trojan.Mansabo-9670631-0
Create hunting rule

Win.Trojan.Mansabo-9787656-0
Create hunting rule

Win.Trojan.Mansabo-9787658-0
Create hunting rule

Win.Trojan.Mansabo-9787665-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a file in the system32 directory
Creating a process from a recently created file
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/beeef3cfbb7ab4c32e924c51fb53782fa6b1994c0456e22d3216318791006398/
Threat name:
Win64.Trojan.CoinMiner
Create hunting rule
Status:
Malicious
First seen:
2020-11-07 19:39:41 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
11574d2f1b8924807b8ce193ee0b8e868845066d965f471ecf6a00606c240966
133947fe94bf9236f7ca7cdab497fdec0c0a6ba81f85b249608eb80dde4ba30f
1e91acd014a0dcf929f9beb50120526bcf3511c014afe065f9f6a3d79907e536
2fe27203f0016cc17a0c87321851747be25ec38cabf44328704ea514e369c6a7
a85e547f74ef5452bae6e79a5004c73a604e6d3febbe1c85fae1a65d39a97f2d
aed1ec82acd83e514cab79421231da4075fa9a31efe802436814dda0903590e5
c981792d2fbe63c5bc3c94a01520439bee3dd010053e2dde92004255b23fee83
d7a87c09bf69a367a5aae509593a91bee82c4ae10c5e7e813ea4149039bd3860
d94a82070841d74b384afcae00cdb17e7fa21cacfe1e8143b1f2184715b5dfe9
ff1293d1c92240651b89cb3cf102a636da2efe7fb963a8db297b5bf938088bcb
+ 99 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/201108-8p4vf6ptn6/
Behaviour
Suspicious use of WriteProcessMemory
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments