MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c0f4ea0ef091c50c5e7219dc0944e0f01700dd23d0a37c956269ceb044e47264. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	c0f4ea0ef091c50c5e7219dc0944e0f01700dd23d0a37c956269ceb044e47264
SHA3-384 hash:	72442612f07b0b229b997dc9d1a37ebea91c42e858eaaeecc3b4d63193537c39954449333381393a24e7a9016294e6dd
SHA1 hash:	1dc729ee188e1b1b0874675d67dcf90e0de34078
MD5 hash:	60c09568374a7cc6fde4472e2f381d25
humanhash:	leopard-purple-kitten-seventeen
File name:	60c09568374a7cc6fde4472e2f381d25
Download:	download sample
File size:	339'456 bytes
First seen:	2023-08-08 00:35:08 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	4329317f7ab113ac74b684563abcf41d
ssdeep	6144:6JOV4xvpsoZcMetN3wUpvwVP570Kk6NON77tcJN0LQKmfF5Ibxm:B2NqkWN3whVPjk6S7tcJNF3
TLSH	T17F74E1AFA7087986CE1997B68436D67A22307C6167F4111D76F9FF3BA173207940B322
TrID	64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12) 25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6) 4.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.8% (.EXE) OS/2 Executable (generic) (2029/13) 1.8% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):
dhash icon	b2a0b496a6caca72 (2 x CoinMiner)
Reporter	zbetcheckin
Tags:	64 exe

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

357

Origin country :

FR

Vendor Threat Intelligence

ANY.RUN

Malware family:

n/a

ID:

1

File name:

60c09568374a7cc6fde4472e2f381d25

Verdict:

No threats detected

Analysis date:

2023-08-08 00:35:59 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/77e7534d-20ab-4033-8d4e-56461c622bac

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

CAPE Sandbox

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/441151/

ClamAV Detected

Detection(s):

SecuriteInfo.com.Win32.Dh-A.7671.23979.UNOFFICIAL

Alert

Create hunting rule

Dr. Web vxCube Clean

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for synchronization primitives

Launching the default Windows debugger (dwwin.exe)

Searching for the window

FileScan.IO Suspicious

Verdict:

Suspicious

Threat level:

  5/10

Confidence:

80%

Tags:

crypto greyware lolbin packed shell32

Link:

https://www.filescan.io/uploads/64d18df34154db2bd520f643/reports/6f09c3ec-5bb0-404b-ae74-66e9eabdc788/overview

Hybrid Analysis Win/malicious_confidence_90%

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/c0f4ea0ef091c50c5e7219dc0944e0f01700dd23d0a37c956269ceb044e47264

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Intezer Suspicious

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/f9817013-532c-473a-afbd-8be2a1dcc30f

Joe Sandbox malicious

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1287364

Signature

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c0f4ea0ef091c50c5e7219dc0944e0f01700dd23d0a37c956269ceb044e47264/

ReversingLabs TitaniumCloud Win32.Trojan.Generic

Threat name:

Win32.Trojan.Generic

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-08-08 00:32:48 UTC

File Type:

PE+ (Exe)

Extracted files:

25

AV detection:

3 of 38 (7.89%)

Threat level:

  2/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=yd2oudxqshcqyxtsdhoasrha6alqbxjd2crxzflcnhhlarheojsa._file

Threatray unknown

Verdict:

unknown

Hatching Triage Suspicious

Result

Malware family:

n/a

Score:

  7/10

Tags:

upx

Link:

https://tria.ge/reports/230808-axxdbsbe21/

Behaviour

Suspicious use of WriteProcessMemory

Program crash

UPX packed file

UnpacMe 2

Unpacked files

SH256 hash:

826bb65876c67d0a4d36250eb63e0d3141ebb5a9472d0cb52134a8f46e0fd5a8

MD5 hash:

e39c299906d2b3e187873fc14801ff98

SHA1 hash:

f4f7e8882fe62c5351ecf00f74087b6d929e54aa

Link:

https://www.unpac.me/results/56a1e366-408d-48db-8385-8b7e90901be0/

SH256 hash:

c0f4ea0ef091c50c5e7219dc0944e0f01700dd23d0a37c956269ceb044e47264

MD5 hash:

60c09568374a7cc6fde4472e2f381d25

SHA1 hash:

1dc729ee188e1b1b0874675d67dcf90e0de34078

Link:

https://www.unpac.me/results/56a1e366-408d-48db-8385-8b7e90901be0/

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/c0f4ea0ef091c50c5e7219dc0944e0f01700dd23d0a37c956269ceb044e47264

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe c0f4ea0ef091c50c5e7219dc0944e0f01700dd23d0a37c956269ceb044e47264

(this sample)

  

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/441151/

  

URLhaus

https://urlhaus.abuse.ch/url/2702099/

Comments

---

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

zbet commented on 2023-08-08 00:35:09 UTC

url : hxxp://37.139.129.145/img/Setup.exe