MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee1e5fcaf442282176717ce59cc1993b6ec84317669ab6fa66633d9b5c8e172d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CoinMiner.XMRig


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ee1e5fcaf442282176717ce59cc1993b6ec84317669ab6fa66633d9b5c8e172d
SHA3-384 hash: 3d1ab978e4269833989d905145e79545a14f2cec3612a6097c1bd50966fbf09899083eb8e38827645dd50480f5fbeda2
SHA1 hash: b3057c401514f186b9b455ab4d5e1983441ae259
MD5 hash: 3dd10051662e6732e176b123e2db83c6
humanhash: ten-idaho-fanta-football
File name:3dd10051662e6732e176b123e2db83c6
Download: download sample
Signature CoinMiner.XMRig
Create hunting rule
File size:20'480 bytes
First seen:2022-10-28 19:01:23 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 384:1jWJewVA6gCgu7eLVIhYl/GcKW/GJ6LW4/sOCiWTlWc8:1jsVAkgqqyELBVCH
Threatray 1'564 similar samples on MalwareBazaar
TLSH T1B1923B22AB1C5613E269BE3FC0E7F85057F4FB835407CA0BB4912F492C0775AE6622C6
TrID 63.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon bc3aefadbc6c64d0 (1 x CoinMiner.XMRig, 1 x RustyStealer)
Reporter zbetcheckin
Tags:CoinMiner.XMRig exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
299
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
3dd10051662e6732e176b123e2db83c6
Verdict:
No threats detected
Analysis date:
2022-10-28 19:03:08 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/6f94e998-593f-4d87-ade3-c60742a73ffe

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/325618/
Detection(s):
SecuriteInfo.com.Win64.Malware-gen.19560.11893.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Sending an HTTP GET request
Launching a process
Creating a process with a hidden window
Verdict:
No Threat
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/635c272d736e9d884f0d7aab/reports/ea14db2a-c8e2-4e16-8d01-ed198d7478f7/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1e51cf54-b02a-4e4a-a637-a836e54b8aee
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1100578
Signature
.NET source code contains potential unpacker
Encrypted powershell cmdline option found
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Costura Assembly Loader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ee1e5fcaf442282176717ce59cc1993b6ec84317669ab6fa66633d9b5c8e172d/
Threat name:
ByteCode-MSIL.Trojan.Injuke
Create hunting rule
Status:
Malicious
First seen:
2022-10-28 17:33:00 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
3
AV detection:
9 of 26 (34.62%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5ypf7sxuiiucc5trptszzqmzhnxmqqyxm2nln6tgmm6zwxeoc4wq._file
Verdict:
malicious
Similar samples:
02d7ab6afcf9f15fba169e0d8491499cf27a87fba17a3afd80bd6e5873a9338f
CoinMiner.XMRig
0818b9a336a3ed6868ff92baf070532650f993541d9a0459a27c397f4ffc98d9
CoinMiner.XMRig
1b31c24a4f9c661de8e328001d3e0c5cf93374d224b4d59c0b5e90b051dbeb88
CoinMiner.XMRig
45340696f311075cbef1929f4ce534aaa3b872e75f15a9d538ba7cd4f45b717d
CoinMiner.XMRig
4d1ff49d8b7a59faa4b9ea7af73906edb258b6dc6d29fbe5f0a76294c311eed0
CoinMiner.XMRig
5ca468704e7ccb8e1b37c0f7595c54df4e2f4035345b6e442e8bd4e11c58f791
CoinMiner.XMRig
a46ba907fa55dea9842e0c9a005d71190c7630d033432fa60c5e2996333c3bd9
CoinMiner.XMRig
df87259ab6b21a81c9f2ef378216554feccd48f14e4083c4275c41af14ca9577
CoinMiner.XMRig
e661db82b7389dfbad49ab5cc4aa55bab42dcf1f3fd87c424492c9401d4730b2
CoinMiner.XMRig
+ 1'554 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
persistence
Link:
https://tria.ge/reports/221028-xpr5zabhdl/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Adds Run key to start application
Checks computer location settings
Gathering data
Unpacked files
SH256 hash:
ee1e5fcaf442282176717ce59cc1993b6ec84317669ab6fa66633d9b5c8e172d
MD5 hash:
3dd10051662e6732e176b123e2db83c6
SHA1 hash:
b3057c401514f186b9b455ab4d5e1983441ae259
Link:
https://www.unpac.me/results/587d0c29-b770-4964-94d4-7b7c4f0c35e1/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.60
Link:
https://yomi.yoroi.company/submissions/ee1e5fcaf442282176717ce59cc1993b6ec84317669ab6fa66633d9b5c8e172d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CoinMiner.XMRig

Executable exe ee1e5fcaf442282176717ce59cc1993b6ec84317669ab6fa66633d9b5c8e172d

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2389568/
Cape
Cape
https://www.capesandbox.com/analysis/325618/

Comments


Avatar
zbet commented on 2022-10-28 19:01:31 UTC

url : hxxp://45.83.122.33/System.Reflection.Emit.exe