MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e96b3b7b28854acb8837084f6b3908b90eec159887054214b92ade6d14930608. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CoinMiner.XMRig

Vendor detections: 8

SHA256 hash: e96b3b7b28854acb8837084f6b3908b90eec159887054214b92ade6d14930608
SHA3-384 hash: ac61beb266b2888788339c018688ba4d2badb22f8d826b97401fcb0a523169c7fbf7f9b51b09516b9198101f8b879685
SHA1 hash: eed08584786440ad3b5046ec70c7f7be5fb50852
MD5 hash: 11a7cbbb33dbafc6316a1f28c28d9d2b
humanhash: video-bulldog-robin-oven
File name: SecuriteInfo.com.FileRepMalwareMisc.12647.24907
Signature: CoinMiner.XMRig
File size: 3'296'712 bytes
First seen: 2022-03-23 09:13:40 UTC
Last seen: 2022-03-25 06:57:31 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 4e4095a0d90406c8428c5d9a9c6b05b7 (26 x CoinMiner, 4 x CoinMiner.XMRig)
ssdeep: 98304:qiJw7RtHi6tyB2IzIVUhdqH2/A4oS8REAyM:b4sbXcVI+q2SsEHM
Threatray: 39 similar samples on MalwareBazaar
TLSH: T1ABE502FA62443398C45ACC345433FD45F2F6511E1BE9D6AE79CB7AC03FAA800D916B4A
Reporter: SecuriteInfoCom
Tags: CoinMiner.XMRig exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 139
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the %AppData% subdirectories
Launching a process
Creating a process with a hidden window
DNS request
Searching for synchronization primitives
Sending an HTTP GET request
Connecting to a cryptocurrency mining pool
Sending a custom TCP request
Creating a service
Launching a service
Loading a system driver
Blocking the Windows Defender launch
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun for a service
Sending an HTTP GET request to an infection source
Unauthorized injection to a system process
Result
Malware family: n/a
Score: 0/10
Tags: n/a
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: overlay packed
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Phoenix Miner Xmrig
Detection: malicious
Classification: evad.mine
Score: 100 / 100
Behaviour
Behavior Graph: n/a
Threat name: Win64.Ransomware.Foreign
Status: Malicious
First seen: 2022-03-23 08:22:58 UTC
File Type: PE+ (Exe)
AV detection: 21 of 42 (50.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: evasion persistence trojan upx
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Adds Run key to start application
Downloads MZ/PE file
UPX packed file
Modifies Windows Defender Real-time Protection settings
Unpacked files
SHA256 hash: e96b3b7b28854acb8837084f6b3908b90eec159887054214b92ade6d14930608
MD5 hash: 11a7cbbb33dbafc6316a1f28c28d9d2b
SHA1 hash: eed08584786440ad3b5046ec70c7f7be5fb50852
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: CoinMiner.XMRig
File type: Executable exe
SHA256 hash: e96b3b7b28854acb8837084f6b3908b90eec159887054214b92ade6d14930608 (this sample)

Delivery method
Distributed via web download
