MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf33486037c297c3e6d4ee754315ffff1be61b5d55f253b5f23b6f037a37335d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CoinMiner

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	bf33486037c297c3e6d4ee754315ffff1be61b5d55f253b5f23b6f037a37335d
SHA3-384 hash:	5e7ecfb8c065c2f696806c7b0ba3180c70891d7584fb1380f61e90bdcb952bd4b86e6ed9f273e69e892ffa8700b19607
SHA1 hash:	f8b4fc661a54d49b7756c28faab2b0768944ded2
MD5 hash:	145d4aa5e184405b34d5c173027c9f39
humanhash:	angel-zulu-wyoming-massachusetts
File name:	145d4aa5e184405b34d5c173027c9f39.exe
Download:	download sample
Signature	CoinMiner Create hunting rule
File size:	2'843'562 bytes
First seen:	2021-10-13 17:05:38 UTC
Last seen:	2021-10-13 18:18:26 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	c05041e01f84e1ccca9c4451f3b6a383 (141 x RedLineStealer, 101 x GuLoader, 64 x DiamondFox)
ssdeep	49152:Wg3mEwprI6Uv4B4tpzvXoJkM1P5dlFN7JNlr1SR3eDawS8Nd:HWEwppS4B4tBT6PrzN7Jf1OW
Threatray	1'312 similar samples on MalwareBazaar
TLSH	T10DD5238B2FB0DC17E728CA70BD6450E4A8D21D77E15C8341E394B70EB37BA99792994C
File icon (PE):
dhash icon	f0dc96978e8edcf0 (2 x CoinMiner, 1 x ArkeiStealer, 1 x RedLineStealer)
Reporter	abuse_ch
Tags:	CoinMiner exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

188

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

145d4aa5e184405b34d5c173027c9f39.exe

Verdict:

No threats detected

Analysis date:

2021-10-13 20:01:28 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/20d3437d-8b1b-46ce-904a-b9d3cb97eb9c

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/197312/

Detection(s):

SecuriteInfo.com.Trojan.InjectNET.14.24453.16556.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

overlay packed

Link:

https://www.filescan.io/uploads/616711fefd35fe780c3db7ec/reports/72a91337-aec0-497d-9db8-5fecf8412e47/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/3a50a56a-bdf8-4074-baec-b8a8b8d81a87

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/869854

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bf33486037c297c3e6d4ee754315ffff1be61b5d55f253b5f23b6f037a37335d/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2021-10-13 17:08:03 UTC

AV detection:

23 of 45 (51.11%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

2d3675bba3da579b093fd576fca9d1a47a3100d358391b5b7f3a368ee35a69e7

384b35bfb6d07dda3ea948bb9aa47a3024822ff40d21a13932381d6386643acc

624e6882f3abb051fa7f30627720356a12b5168c83018f192ae6e96dded6def6

788510bf3fc20aacc76bd0ed1884ff8452f4e79023f2f3ad3072efbd7e74139d

7d803e44c98cd23b971f692182f8d1d508fe82fb0fd6b681e7896c552d88411a

80b056a8c2fee08fd3361a8a271dea407425ca335275d49f81a1c50a06d9ed98

8532972f199b85a336710c894ddebea7560f7f19c774b52a0d648275960e4db4

ab8d377d550ebae841ab75d2d6257fb38960efc049037bbd2468483871897e5d

eddbfe52ba633950c388e0303d5a04453f9ba9e3a3cdc60f9a1355707cd209e6

fab7787c4091df4416960dd16b043e78c1e63e70db42841094a073912a7c39f7

+ 1'302 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/211013-vmeezseear/

Behaviour

Enumerates physical storage devices

Unpacked files

SH256 hash:

bf33486037c297c3e6d4ee754315ffff1be61b5d55f253b5f23b6f037a37335d

MD5 hash:

145d4aa5e184405b34d5c173027c9f39

SHA1 hash:

f8b4fc661a54d49b7756c28faab2b0768944ded2

Link:

https://www.unpac.me/results/66f8d3fd-d70b-4d29-bc94-e8564b6c8cb2/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.22

Link:

https://yomi.yoroi.company/submissions/bf33486037c297c3e6d4ee754315ffff1be61b5d55f253b5f23b6f037a37335d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe bf33486037c297c3e6d4ee754315ffff1be61b5d55f253b5f23b6f037a37335d

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1646839/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/197312/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample