MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dc68415e16823517c0b65069a762b5fb4c9753cdb6c162488bf4aa8f92767bea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PureMiner

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	dc68415e16823517c0b65069a762b5fb4c9753cdb6c162488bf4aa8f92767bea
SHA3-384 hash:	fd627afaf63231accb1b024778cd3af28e879be63a9da78a5f1d9878b3e99b45d04a8ac81076a7638956c670fb70d49a
SHA1 hash:	6c42a494b29e2d02354d3de3124947a96d9c5196
MD5 hash:	dfb141fdada5124b6850bbd204a752b9
humanhash:	butter-shade-blue-dakota
File name:	dfb141fdada5124b6850bbd204a752b9.exe
Download:	download sample
Signature	PureMiner Create hunting rule
File size:	80'896 bytes
First seen:	2022-10-26 10:10:20 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	1536:t294GZjzQwK5WW7VCn6Ky3FAmu3wtBUniymYq07sZzSTskOzBqMFTmVcl:t27e5BV0uUniyED8IT8Y
Threatray	2'583 similar samples on MalwareBazaar
TLSH	T172839D003B9879D5E824CAF09C6AABDA0365CF9854A283A834F8FE7F7F81854C515FD1
TrID	63.5% (.EXE) Win64 Executable (generic) (10523/12/4) 12.2% (.EXE) OS/2 Executable (generic) (2029/13) 12.0% (.EXE) Generic Win/DOS Executable (2002/3) 12.0% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):
dhash icon	f0c4824ccecef4f8 (7 x AsyncRAT, 5 x XWorm, 3 x Formbook)
Reporter	abuse_ch
Tags:	exe PureMiner

Intelligence

File Origin

# of uploads :

# of downloads :

241

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

dfb141fdada5124b6850bbd204a752b9.exe

Verdict:

No threats detected

Analysis date:

2022-10-26 10:13:11 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/90a53d99-75e8-49f1-88b2-0939309e5248

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/324324/

Detection(s):

SecuriteInfo.com.Win64.DropperX-gen.28639.15672.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

Sending an HTTP GET request

Launching a process

Creating a process with a hidden window

Unauthorized injection to a system process

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/28384fb2-ebff-4ad8-98cc-4a371542bf08

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/1098297

Signature

.NET source code contains potential unpacker

Antivirus detection for URL or domain

Encrypted powershell cmdline option found

Machine Learning detection for sample

Snort IDS alert for network traffic

Yara detected Costura Assembly Loader

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/dc68415e16823517c0b65069a762b5fb4c9753cdb6c162488bf4aa8f92767bea/

Threat name:

ByteCode-MSIL.Trojan.Scarsi

Status:

Malicious

First seen:

2022-10-26 09:19:00 UTC

File Type:

PE+ (.Net Exe)

Extracted files:

AV detection:

14 of 26 (53.85%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=3ruecxqwqi2rpqfwkbu2oyvv7ngjou6nw3awesel6svi7etwppva._file

Verdict:

malicious

Label(s):

asyncrat

PureMiner

7efc5412627522e01e6be72ff0d8528c7cb140cf741e61458d50b653242e2b76

PureMiner

b2e31ed9833299ec3c166877db92ff5d477858f5867ca5494b26a82558e4616e

PureMiner

d57321805b57d9a004d652b7d8b00d9045d6940800653374e2a47c7dad2e9196

PureMiner

d5d8501413231217f31c6b614fbc4e5cba5ba8cabb6da772e5ed82e484238088

PureMiner

e8b057817c2bbda7191f4b4e53b913caff6f2cbda1a0cbf68f32e2f4d45f1c42

PureMiner

f15bf4c786172149ed0b9e57b08c695b01095b9167de714ea61768f021ae9ff0

PureMiner

fa8d8657315c0ff3057652f4b34194de08fa9d2ff3028ad2043b53c551851358

PureMiner

+ 2'573 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/221026-l7zf8afddm/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Suspicious use of SetThreadContext

Checks computer location settings

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/031c58d4-3d2c-425b-9caa-f7da8fdec423

Unpacked files

SH256 hash:

dc68415e16823517c0b65069a762b5fb4c9753cdb6c162488bf4aa8f92767bea

MD5 hash:

dfb141fdada5124b6850bbd204a752b9

SHA1 hash:

6c42a494b29e2d02354d3de3124947a96d9c5196

Detections:

PureCrypter_Stage1

Link:

https://www.unpac.me/results/09231bbe-e57b-4d2f-b342-5b316ad9750f/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/dc68415e1682/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.60

Link:

https://yomi.yoroi.company/submissions/dc68415e16823517c0b65069a762b5fb4c9753cdb6c162488bf4aa8f92767bea

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

PureMiner

exe dc68415e16823517c0b65069a762b5fb4c9753cdb6c162488bf4aa8f92767bea

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2307201/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/324324/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample