MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c640e51c97e1b41f553f33524452aad1af3496f9e389afe0b5893d7c2822b626. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CoinMiner


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c640e51c97e1b41f553f33524452aad1af3496f9e389afe0b5893d7c2822b626
SHA3-384 hash: 7dabffe2d178804395380c2d347c3e8707478f5d6915d90db85c9b07270911c028c766b8ab1950ef8d78f451f5fa32d8
SHA1 hash: 08b46fa4451ccbefe1c11aace9a25d34dbe7579e
MD5 hash: 2f1e4449e41dd6c3954d035c99985ca6
humanhash: ohio-iowa-speaker-uniform
File name:2f1e4449e41dd6c3954d035c99985ca6.exe
Download: download sample
Signature CoinMiner
Create hunting rule
File size:2'601'400 bytes
First seen:2022-08-31 07:58:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d1de84e4e19e5a9cd49215329c1ce5ba (2 x DCRat, 2 x CoinMiner, 1 x AsyncRAT)
ssdeep 49152:+Lwr0YbDLugEjGCLGfDX5zcKR3C0LIMR1+vIlVBZToX7Z+dlpu4Gekx1:+0r0YbDLu8mSpcKRyaIMevye7Z+dlpuB
TLSH T1D5C533167FB984B7C1F11431644936B228ADF82913005ACBE792462BAE3A4E5FD7F34D
TrID 43.3% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
27.6% (.EXE) Win64 Executable (generic) (10523/12/4)
13.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.3% (.EXE) OS/2 Executable (generic) (2029/13)
5.2% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):PE icon
dhash icon 696a6ee2b2b2c2cc (18 x RedLineStealer, 17 x LummaStealer, 16 x CoinMiner)
Reporter abuse_ch
Tags:CoinMiner exe signed

Code Signing Certificate

Organisation:675IUM64YWBT
Issuer:675IUM64YWBT
Algorithm:md5WithRSAEncryption
Valid from:2022-08-16T00:00:00Z
Valid to:2026-08-16T00:00:00Z
Serial number: 436bb8226afeaa74
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 1f7b5e9b6fda40088d8f32ef2e179ca97d035628928f3c35373990f988eb6267
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
260
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
system34.exe
Verdict:
Malicious activity
Analysis date:
2022-08-31 01:46:36 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2ed3e62c-c6dc-4e05-bdfb-1a4b215bb1d4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/306728/
Detection(s):
Win.Adware.InstallPack-9918495-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% subdirectories
Enabling the 'hidden' option for files in the %temp% directory
Сreating synchronization primitives
Running batch commands
Creating a process with a hidden window
Launching a process
Moving a file to the %temp% subdirectory
Creating a process from a recently created file
Replacing files
Using the Windows Management Instrumentation requests
Unauthorized injection to a recently created process
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/36128/overview
Behaviour
MalwareBazaar
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
75%
Tags:
keylogger overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/630f165ba7450371f6909fb2/reports/c2f25439-af45-4461-bd67-b9f8759f53ca/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
MinerDownloader, Xmrig
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad.mine
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1061404
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c640e51c97e1b41f553f33524452aad1af3496f9e389afe0b5893d7c2822b626/
Threat name:
Win32.Trojan.Powerbif
Create hunting rule
Status:
Malicious
First seen:
2022-08-29 18:40:08 UTC
File Type:
PE (Exe)
Extracted files:
15
AV detection:
21 of 40 (52.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yzaokhex4g2b6vj7gnjeiuvk2gxtjfxz4oe27yfvre6xykbcwyta._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220831-jvdymsbcbp/
Behaviour
Creates scheduled task(s)
Suspicious behavior: CmdExeWriteProcessMemorySpam
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Views/modifies file attributes
Enumerates physical storage devices
Legitimate hosting services abused for malware hosting/C2
Checks computer location settings
Loads dropped DLL
Downloads MZ/PE file
Executes dropped EXE
Unpacked files
SH256 hash:
0188b51a163ba513c5e4c56813b1b0746c354694383d8fea4fc6bbee37d4b3ac
MD5 hash:
85d899e7d65df794162a4608b0004d4e
SHA1 hash:
41a3eae0a7f2cbf6ef2de271930c9163c3d728e7
Link:
https://www.unpac.me/results/0cbddccd-9c92-4eb7-8cc0-0fff6c0f0e97/
SH256 hash:
c640e51c97e1b41f553f33524452aad1af3496f9e389afe0b5893d7c2822b626
MD5 hash:
2f1e4449e41dd6c3954d035c99985ca6
SHA1 hash:
08b46fa4451ccbefe1c11aace9a25d34dbe7579e
Link:
https://www.unpac.me/results/0cbddccd-9c92-4eb7-8cc0-0fff6c0f0e97/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CoinMiner

Executable exe c640e51c97e1b41f553f33524452aad1af3496f9e389afe0b5893d7c2822b626

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2286193/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/306728/

Comments