MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e08f276f148db04bdcd9fe52e5418b06572a5c537e5610d1ef711591c6d416bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CoinMiner


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e08f276f148db04bdcd9fe52e5418b06572a5c537e5610d1ef711591c6d416bf
SHA3-384 hash: ebbc701328075aa1f87148f98de5e9eb27b08046276595cdf6ae116e50385265d64bf5b712114576f9fe475f83b3d403
SHA1 hash: 1d7a98423b6ae685d95b5d7bde341845d167cd3b
MD5 hash: b2cfbcd874889e7528b1315c02b5f874
humanhash: finch-magnesium-nine-october
File name:b2cfbcd874889e7528b1315c02b5f874
Download: download sample
Signature CoinMiner
Create hunting rule
File size:157'184 bytes
First seen:2021-07-15 06:04:14 UTC
Last seen:2021-07-15 06:44:12 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 3072:NXCoZrzjvaFuCClKJvtNK/Iqr35bgMwxHHUtoGO2SD:N1dvl9UjK/3Dufs
Threatray 18 similar samples on MalwareBazaar
TLSH T126E35C1D6E8BB8DBE8240AB55867E6D1066CDFA5F1E1069C34E8BE3CB7D2474C504FA0
Reporter zbetcheckin
Tags:CoinMiner exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
204
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
b2cfbcd874889e7528b1315c02b5f874
Verdict:
No threats detected
Analysis date:
2021-07-15 06:06:06 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/054eeb45-ae43-477f-8cc3-3b59afdf36a9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/171865/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.46627209.7674.13818.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8b15097f-b353-4ae6-a235-d790ade00fe8
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/816674
Signature
.NET source code contains potential unpacker
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Uses nslookup.exe to query domains
Uses schtasks.exe or at.exe to add and modify task schedules
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 449085 Sample: l4w9e3daPT Startdate: 15/07/2021 Architecture: WINDOWS Score: 76 59 Multi AV Scanner detection for submitted file 2->59 61 .NET source code contains potential unpacker 2->61 63 Machine Learning detection for sample 2->63 65 Uses nslookup.exe to query domains 2->65 8 l4w9e3daPT.exe 6 2->8         started        12 nslookup.exe 5 2->12         started        process3 dnsIp4 39 C:\Users\user\AppData\Roaming\nslookup.exe, PE32+ 8->39 dropped 41 C:\Users\...\nslookup.exe:Zone.Identifier, ASCII 8->41 dropped 43 C:\Users\user\AppData\...\l4w9e3daPT.exe.log, ASCII 8->43 dropped 67 Uses nslookup.exe to query domains 8->67 15 cmd.exe 1 8->15         started        18 nslookup.exe 14 5 8->18         started        53 140.82.121.4, 443, 49732 GITHUBUS United States 12->53 55 raw.githubusercontent.com 12->55 57 github.com 12->57 45 C:\Users\user\AppData\...\sihost32.exe, PE32+ 12->45 dropped 69 Multi AV Scanner detection for dropped file 12->69 71 Machine Learning detection for dropped file 12->71 21 sihost32.exe 2 12->21         started        23 cmd.exe 1 12->23         started        file5 signatures6 process7 dnsIp8 73 Uses schtasks.exe or at.exe to add and modify task schedules 15->73 25 conhost.exe 15->25         started        27 schtasks.exe 1 15->27         started        47 194.147.142.230, 49728, 49729, 80 PTPEU unknown 18->47 49 github.com 140.82.121.3, 443, 49730 GITHUBUS United States 18->49 51 raw.githubusercontent.com 185.199.110.133, 443, 49731, 49733 FASTLYUS Netherlands 18->51 29 cmd.exe 1 18->29         started        75 Machine Learning detection for dropped file 21->75 31 conhost.exe 23->31         started        33 schtasks.exe 1 23->33         started        signatures9 process10 process11 35 conhost.exe 29->35         started        37 schtasks.exe 1 29->37         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e08f276f148db04bdcd9fe52e5418b06572a5c537e5610d1ef711591c6d416bf/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-07-15 00:40:44 UTC
AV detection:
11 of 29 (37.93%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4chso3yurwyexxgz7zjokqmlazlsuxctpzlbbuppoekzdrwuc27q._file
Verdict:
suspicious
Similar samples:
0ddd995a4e7c7322e3552bdaa5df41a6a8e4db14054f0a4a410231092ac3c6de
CoinMiner
6c3a2575d3325e7a0f520a5fefa0384855980461683e6c7463debbd668ab3258
CoinMiner
74b13418d9f50f94920aa870823732618509599ed36a57e440c32c1e9cd928f2
CoinMiner
995ab2c020f8d8ac61c6c5e2bfdd383f2134a6463ea2ba218337b80b639e13cd
CoinMiner
a1a0ca95d42cb766533d9c4a8260cdcea4abab6d17214b711b7f366fbafe2413
CoinMiner
b50cfd0edcdb6b99115f83ae101003203d113e40e7cf1fa9c796886115f8c994
CoinMiner
c9181af10ea92bd10670128f29becf59ace555e7c3b2f249a0a0ee7930ac64cc
CoinMiner
e15ea1dc92dd31517334886dba17d7022c73d258096bf77f897ef60c1b8302b1
CoinMiner
e8c4bcdcf46f101cc7126f7bde6955f6a971d06dc2bea9f6499594b475b091e2
CoinMiner
+ 8 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210715-sb4h5gzldx/
Behaviour
Creates scheduled task(s)
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
e08f276f148db04bdcd9fe52e5418b06572a5c537e5610d1ef711591c6d416bf
MD5 hash:
b2cfbcd874889e7528b1315c02b5f874
SHA1 hash:
1d7a98423b6ae685d95b5d7bde341845d167cd3b
Link:
https://www.unpac.me/results/b816b8f2-a466-4bc8-a9d7-872524859fea/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
iSpy Keylogger
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e08f276f148db04bdcd9fe52e5418b06572a5c537e5610d1ef711591c6d416bf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CoinMiner

Executable exe e08f276f148db04bdcd9fe52e5418b06572a5c537e5610d1ef711591c6d416bf

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/171865/
  
URLhaus
https://urlhaus.abuse.ch/url/1094119/

Comments


Avatar
zbet commented on 2021-07-15 06:04:15 UTC

url : hxxp://194.147.142.230/download/activationeth.exe