MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f06f502bb4628d6c168d4af29991811ffaa4de2d99e2878664d7181e6eeece0a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CoinMiner
Vendor detections: 7



SHA256 hash: f06f502bb4628d6c168d4af29991811ffaa4de2d99e2878664d7181e6eeece0a
SHA3-384 hash: f40851e2d63598f7168ee25a68ac8598076fe8268c008600a4bebfca92666918751aa4fea92a9861c46cf89ebf0eba79
SHA1 hash: c116ab045ff1441a9957dda88b7e97c060baae05
MD5 hash: 960f16702bd4364dc846dce187b7a60c
humanhash: stairway-quebec-sweet-washington
File name: Downloads.zip
Signature: CoinMiner
File size: 5'009 bytes
First seen: 2023-12-10 09:59:08 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 96:nz70IC70IR70Iw70IL70IQC70I/I70IJ70IO70ry8U1fSB53vZm:nbeZszQe/ERxy8U1fSB53vY
TLSH: T1C2A1D052E99FF1D6ECF7D3704CC073BEE5DABB1B8554350E9494146440F626A161CF22
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
      20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: Xev
Tags: CoinMiner CoinMiner.XMRig Downloader zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 147
Origin country: GR
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: tesy - Copy (4) - Copy.bat
File size: 700 bytes
SHA256 hash: 9af34ca7397ffb95cfe45763bcb525eec130c4c5e97a6f82e0d471eee808b291
MD5 hash: 879c5159c15fb3a80628bc964eb77c4d
MIME type: text/x-msdos-batch
Signature: CoinMiner
Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 88%
Tags: cmd powershell

Threat name: Win32.Trojan.Generic
Status: Malicious
First seen: 2023-08-23 02:51:55 UTC
File Type: Binary (Archive)
Extracted files: 9
AV detection: 1 of 37 (2.70%)
Threat level: 2/5

Result
Malware family:
Score: 10/10
Tags: family:xmrig miner
Behaviour:
    Suspicious behavior: EnumeratesProcesses
    Suspicious behavior: LoadsDriver
    Suspicious use of AdjustPrivilegeToken
    Suspicious use of FindShellTrayWindow
    Suspicious use of WriteProcessMemory
    Executes dropped EXE
    Blocklisted process makes network request
    XMRig Miner payload
    xmrig
Malware Config
Dropper Extraction: https://cdn.nest.rip/uploads/422d676c-8e4d-4d44-a5f3-76537ee06a9c.zip
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Signature: CoinMiner
File type: zip
SHA256 hash: f06f502bb4628d6c168d4af29991811ffaa4de2d99e2878664d7181e6eeece0a (this sample)
