MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f1d2a644341ea818f5decd36f6a627b2e9e94ae5e4a023de22dd6c20580a68ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	f1d2a644341ea818f5decd36f6a627b2e9e94ae5e4a023de22dd6c20580a68ad
SHA3-384 hash:	ad972dac221f7e5c4bea47c7e893f1c5df59049e877579287602ea1528194945931903c92a378f9f5542b9c2fb983b82
SHA1 hash:	8618bf693a1e63cc2655e30b587003ce1f3e1a87
MD5 hash:	b20c0ea40b64a14910595abb2b4eb4ec
humanhash:	hawaii-beryllium-black-ceiling
File name:	f1d2a644341ea818f5decd36f6a627b2e9e94ae5e4a023de22dd6c20580a68ad
Download:	download sample
File size:	1'917'495 bytes
First seen:	2020-11-07 19:00:18 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	e4290fa6afc89d56616f34ebbd0b1f2c (50 x CoinMiner)
ssdeep	24576:zv3/fTLF671TilQFG4P5VMkibTJH+2Q/ynKeWY1s38kQu12bPxvyuzaBgJ9pcFt4:Lz071uv4BVMkibTIA5I4TNrpDGK/A8
Threatray	110 similar samples on MalwareBazaar
TLSH	289533128A286E3EC7B812792CBD0F4711D0CB2114418DF9D7EB5C976A9DBBD150FA2B
Reporter	seifreed

Intelligence

File Origin

# of uploads :

1

# of downloads :

50

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Coinminer-7331384-0

Win.Trojan.Coinminer-7331970-0

Win.Trojan.Coinminer-7331971-0

Win.Trojan.Coinminer-7332649-0

Win.Trojan.Coinminer-7332650-0

Win.Trojan.Coinminer-9670639-0

Win.Trojan.Coinminer-9787657-0

Win.Trojan.Coinminer-9787666-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the Windows subdirectories

Launching a process

Creating a process from a recently created file

Connection attempt

Creating a window

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f1d2a644341ea818f5decd36f6a627b2e9e94ae5e4a023de22dd6c20580a68ad/

Gathering data

Verdict:

malicious

Similar samples:

0b66b1deec9b595f7fed1f044692eddf8b086de8ea1f49b44f3dd5cffc89c5d3

10ccda6e4c721ff4c8269da789ed3c105892c4b98719d039c7519fbfa0a9138e

3917659714f9e7002c2ee4609034c29611fd9004722f7ded813b7677e2b23f40

40a9aec50b36e24844d2e0afb96eb4bf2d058278e2ad4944ea49c0745c09147c

65ded04b1d36d94598bb961bc8186f91894c515cb40c8f4f55b32704997da35d

7bb865328f85095be86faa5e85dec51187d0a594dc871b71f108c0dbe70a2d2d

7d2381db2f3ded0a6646b3a65e5a4737eee235021ec91adaa70ab6eef532e389

bf405687cd27cfe531be4b76ba191961ebaccc8edf694766921a98f246b30178

c7c51b4c380b59c364a3ec2bad5e69139c662ae2cf8e920954d2cb01b512c8fd

daf16ca75814d0af8a7ac7c9f56a048a7c58fe706b0aae0279a1ce904919e94f

+ 100 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

upx

Link:

https://tria.ge/reports/201108-3wk84dc8c2/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Drops file in Windows directory

UPX packed file

Blacklisted process makes network request

Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample