MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da3b8a88c93f49e1d197caa2157876fc794b5cb3caaa69b482f5abf8ddbc523c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CoinMiner


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: da3b8a88c93f49e1d197caa2157876fc794b5cb3caaa69b482f5abf8ddbc523c
SHA3-384 hash: ed0e59838425d2e080f072e10054cacd1da69089094273ada4dad05d8e639f11e76cc900429cd7bb2eb4290d31e2a11e
SHA1 hash: 13f13324419ca3fc671dd3946f4d43fcab3b6ff7
MD5 hash: b3f14137a8c5a1dc9d69f03cdd85f7c8
humanhash: rugby-sixteen-hydrogen-comet
File name:keygen-step-3.exe
Download: download sample
Signature CoinMiner
Create hunting rule
File size:890'368 bytes
First seen:2021-07-16 23:33:36 UTC
Last seen:2021-07-17 00:56:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f6ef2fc23ca2d85215ddcf8b4448b79f (1 x CoinMiner)
ssdeep 24576:krhPHPvXUah7sUmIy0owD1OK7uwuFLerU80SKWn5:krF5YUmIFo+R70LeEW5
Threatray 19 similar samples on MalwareBazaar
TLSH T19015EFC282C3D4B3D915EDF9D33C9E57578E4E28C26813932944889A7F43AD6CC98B97
Reporter Anonymous
Tags:CoinMiner exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
223
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
https://keygenit.com
Verdict:
Malicious activity
Analysis date:
2021-07-16 14:21:09 UTC
Tags:
evasion trojan rat azorult stealer raccoon fareit pony loader
Link:
https://app.any.run/tasks/f599b7ea-9a01-41bc-aaa0-8d056d4e8668

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/172292/
Detection(s):
SecuriteInfo.com.Variant.Razy.324508.4244.8055.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
ServHelper
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/12259f6b-6b19-4658-a386-cd7d6d533d16
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/da3b8a88c93f49e1d197caa2157876fc794b5cb3caaa69b482f5abf8ddbc523c/
Threat name:
Win32.Spyware.Fbkatz
Create hunting rule
Status:
Malicious
First seen:
2021-07-16 08:37:34 UTC
AV detection:
16 of 28 (57.14%)
Threat level:
  2/5
Verdict:
suspicious
Similar samples:
12bbe24de7cb5efda944526935ce54a013d93d99b366b9f74a19828ddc987ebc
CoinMiner
1863a7088799029acf04f2ed7b2ce4d473f27df19a36e373f1a6287aeb77ee9b
CoinMiner
2d80eb1f45fbbfa834211cb26597c463d3033217afa53cd9727f4030cf25e122
CoinMiner
34eea6a07ea67c590471581473b4a17d5ac8214e1ec94464af43fb2ce7334808
CoinMiner
47b989b710739b1c88408ca9bf1b4e833cdab68b4c205c5bcbd94bec501c9b80
CoinMiner
5397b6d592556e4d65cd442190cfbcba5b3d253b0fbfcc0a16f1c6f2b48a58c4
CoinMiner
8e4f30afa8d0ce48c46a39e2754d8f7adad90ae8ccaf0132b354be76076b20cc
CoinMiner
b11bd18587058601cde1be46ec722f2ddc96fddd976f3a263e4d0358e8e08865
CoinMiner
b88584dde985bb05eef183a2f339bef9ebdf7adf3b7ce58a71e78e638e6a2123
CoinMiner
bc5e3b9e7638a68bbb36387281fedc1bedb12d67575b9242a47c0bf0c8f3c265
CoinMiner
+ 9 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210716-b9pc4ssmrx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
Deletes itself
Executes dropped EXE
Unpacked files
SH256 hash:
34340bf6f0cadd202670babd3fb0c2a2fedfc85aa23761143b16fa9ff750300b
MD5 hash:
c162f446f365398eddca3acf45db8df7
SHA1 hash:
6342befa40bd3c1dffcc57ea89ead0b9928ad82a
Link:
https://www.unpac.me/results/14b1e924-4e3c-4d69-aabb-c547f2417bb6/
SH256 hash:
da3b8a88c93f49e1d197caa2157876fc794b5cb3caaa69b482f5abf8ddbc523c
MD5 hash:
b3f14137a8c5a1dc9d69f03cdd85f7c8
SHA1 hash:
13f13324419ca3fc671dd3946f4d43fcab3b6ff7
Link:
https://www.unpac.me/results/14b1e924-4e3c-4d69-aabb-c547f2417bb6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/da3b8a88c93f49e1d197caa2157876fc794b5cb3caaa69b482f5abf8ddbc523c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore
Create hunting rule
Author:ditekSHen
Description:Detects executables containing SQL queries to confidential data stores. Observed in infostealers

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/172292/

Comments