MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb013be7b5269c035495222198ec708c026c8db838031af60fd0bd984f34226f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CoinMiner


Vendor detections: 4



SHA256 hash: cb013be7b5269c035495222198ec708c026c8db838031af60fd0bd984f34226f
SHA3-384 hash: d9d68bdcb7a939c0e5c438f52e29d62455db155409cb64a996f077064adbca3794740f0aa7693152036964e1541fea9b
SHA1 hash: 6feda48d24a9a6c4d00d24fdbac41def7a237caa
MD5 hash: 9b19ae4a815c92d4b1a1fb34df2b02cc
humanhash: bravo-florida-mirror-social
File name: cb013be7b5269c035495222198ec708c026c8db838031af60fd0bd984f34226f
Signature: CoinMiner
File size: 5'957'056 bytes
First seen: 2021-02-22 11:45:43 UTC
Last seen: Never
File type: elf
MIME type: application/x-sharedlib
ssdeep: 98304:H9zauCUlBa/GjIj/jM8MMM8MMMMMwMMwbvUvUvkGjrGjI7v01s0LIYz7t5uaZtFb:EcA6UdUJOvOBETOGIJ
TLSH: 6A566D1BB6A244FCC17AC870861FD572BD70B8994222797B33949B302E67F605B1DFA1
Reporter: JAMESWT_WT

Intelligence


File Origin
# of uploads: 1
# of downloads: 118
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details
Base64 Encoded URL
Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix.
Threat name: Linux.Coinminer.BitCoinMiner
Status: Malicious
First seen: 2020-12-23 21:49:39 UTC
File Type: ELF64 Little (SO)
AV detection: 18 of 29 (62.07%)
Threat level: 4/5
Result
Malware family:
Score: 10/10
Tags:
family:xmrig antivm linux miner
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
Writes file to tmp directory
Reads CPU attributes
Modifies hosts file
Writes DNS configuration
Attempts to identify hypervisor via CPU configuration

File information


The table below shows additional information about this malware sample such as delivery method and external references.
