MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e739b990bade805539447c5145fc87240912b28c73a50858edcc3b4f7c298bc7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	e739b990bade805539447c5145fc87240912b28c73a50858edcc3b4f7c298bc7
SHA3-384 hash:	97db7592cb564c0765212611bd0ff3ec06277afca569c721ed02d78defe1a9b7c45ddc38f1cd9291a4324722aa2e94a5
SHA1 hash:	9a1fb4ae93be74b6dc3eee2b937b9cc1863bac53
MD5 hash:	45b5dd01bd9302ccd00e1624c779c187
humanhash:	fish-florida-oklahoma-four
File name:	e739b990bade805539447c5145fc87240912b28c73a50858edcc3b4f7c298bc7
Download:	download sample
File size:	3'118'739 bytes
First seen:	2020-11-07 22:28:55 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	e4290fa6afc89d56616f34ebbd0b1f2c (50 x CoinMiner)
ssdeep	49152:Lz071uv4B0MkibTIA5sf6r+WVc2HhG82g1Vr5s1PTleLWrJ5I/Pcq:NABJ
Threatray	118 similar samples on MalwareBazaar
TLSH	F8E533159F1E9D3FC7EC227C283E0E5F1791CA000011E9B1A6C729DA6A9CF6E265B53D
Reporter	seifreed

Intelligence

File Origin

# of uploads :

1

# of downloads :

119

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Coinminer-7331384-0

Win.Trojan.Coinminer-7331970-0

Win.Trojan.Coinminer-7331971-0

Win.Trojan.Coinminer-7332650-0

Win.Trojan.Coinminer-9670639-0

Win.Trojan.Coinminer-9787657-0

Win.Trojan.Coinminer-9787666-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the Windows subdirectories

Launching a process

Creating a process from a recently created file

Connection attempt

Creating a window

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e739b990bade805539447c5145fc87240912b28c73a50858edcc3b4f7c298bc7/

Threat name:

Win64.Trojan.CoinMiner

Status:

Malicious

First seen:

2020-11-07 22:38:46 UTC

AV detection:

24 of 29 (82.76%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

17951136d0013f019008ac6efbef0a7e07191f8b9d1437a8f2288bdabaef12df

25883b9724bd25a86a10fe490ebaf04075002ff23c49540ac9b8803ff6c666c7

3a020d092c12fbf9ed870ae78cc215bf4f8986b8fc89a698d5461a69ade5e05f

407146c61a75f7671060b112142faf417a40b5b8be35ac0cb2fb931219ccb073

79358bd800eb2a907193bc1f9595b465ab22c1f1d7b562c0ceb6af3ce5e2e144

7a3df8be128db22761297239f1c8db1edaa04a7fbda1433607de05e969526b4f

99a195a691e9d13e10c9ba4289042e1c224f278d96fffa362181899aa10e83ac

c06cafcfdd784450a09653e8d571c658c25adf34b7a7e9715cf28cbd4353d3b8

c141c25789fb6d9ba283cf8b8657c97894132c998e91e2ff3dc79e9585addafe

c7c51b4c380b59c364a3ec2bad5e69139c662ae2cf8e920954d2cb01b512c8fd

+ 108 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

upx

Link:

https://tria.ge/reports/201108-987s7kc296/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Drops file in Windows directory

Blacklisted process makes network request

Executes dropped EXE

UPX packed file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample