MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f7707fe4c69384493ced8f0defb76e6a9f4921e1ac14ae957329cbf92f1f00b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CoinMiner


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f7707fe4c69384493ced8f0defb76e6a9f4921e1ac14ae957329cbf92f1f00b2
SHA3-384 hash: 4a2128c639c65b1ceeadc9c6a88f7c0b7052521864f0977e56416d3c36ed480f67592885f87949fb50b58a2845719c77
SHA1 hash: 6386138401de8932a59aedd9e93be47357b2c4ed
MD5 hash: e0c9000bba3fa60b8221972b1e59cda1
humanhash: mars-avocado-muppet-vegan
File name:SecuriteInfo.com.Trojan.InjectNET.14.21493.821
Download: download sample
Signature CoinMiner
Create hunting rule
File size:12'800 bytes
First seen:2020-12-22 09:56:49 UTC
Last seen:2020-12-22 10:34:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'643 x Formbook, 12'245 x SnakeKeylogger)
ssdeep 384:mqXAb5X2uEIGcWPLMcL5ytPuLgLwlq4JN6T1Tn:xwlXPERceMweqkwrNG1Tn
Threatray 10 similar samples on MalwareBazaar
TLSH 9D423A5A7BEC9633D1EE0E3348F357000B71D1A58D13DBAB6499C11A4EB33D64722BA6
Reporter SecuriteInfoCom
Tags:CoinMiner

Intelligence

File Origin
# of uploads :
2
# of downloads :
619
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.InjectNET.14.21493.821
Verdict:
No threats detected
Analysis date:
2020-12-22 10:03:10 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/1213a4c0-6c1b-4538-b7bb-1ab7c077b104

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/108700/
Detection(s):
SecuriteInfo.com.Trojan.InjectNET.14.21493.821.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Sending an HTTP GET request
Launching cmd.exe command interpreter
Creating a file
Creating a service
Launching a service
Loading a system driver
Sending a UDP request
Creating a window
Enabling autorun for a service
Unauthorized injection to a system process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Xmrig
Create hunting rule
Detection:
malicious
Classification:
troj.evad.mine
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/568095
Signature
.NET source code references suspicious native API functions
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Binary contains a suspicious time stamp
Connects to a pastebin service (likely for C&C)
Detected Stratum mining protocol
Downloads files with wrong headers with respect to MIME Content-Type
Found strings related to Crypto-Mining
Hijacks the control flow in another process
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Modifies the context of a thread in another process (thread injection)
Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Yara detected Xmrig cryptocurrency miner
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f7707fe4c69384493ced8f0defb76e6a9f4921e1ac14ae957329cbf92f1f00b2/
Threat name:
Win32.Trojan.Bulz
Create hunting rule
Status:
Malicious
First seen:
2020-08-28 18:09:16 UTC
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=65yh7zggsocesphnr4g67n3onkpusipbvqkk5fltfhf7sly7acza._file
Verdict:
malicious
Similar samples:
39734faf0a577140648e7a9c46220d612bd334a14c547e33a08af07e102fce30
CoinMiner
550f1f9f61e84341192a8059ebde76b260ef3e8bec2bcc692717ff57bcdc0c00
CoinMiner
720aa2910e6e575ee4b6429e3290dd27a116f407f567614ce242c63c9d83cd8b
CoinMiner
773a42f5dd2dbe163dbc36037d53a25675c29fd0dba24d19ccb249a6f590ef12
CoinMiner
a4bd1ce6832e9cfa0078b39e7dc035047ff593ff4f875fd19ed7ab54508fa7e4
CoinMiner
af56963172182772cfb8ece6dee221898b281e8f93a62dc82a08cc188131849f
CoinMiner
c6b664ffd10c03d085b36bd57b72467b6508ba736e9c8d77182e0d1518b91295
CoinMiner
c7f6ad7d3e040d26e8103885756e2f720a97a16f12ef44bf6707676d26680586
CoinMiner
ccc7d187ff725af5867b1358f3324be6155de93ce81079564d1fa22bac501702
CoinMiner
dea877be3b8ceb7eb4cb1bb40895bc6886d3ccb0f2498e7b3c4257d726a7d896
CoinMiner
Result
Malware family:
xmrig
Create hunting rule
Score:
  10/10
Tags:
family:xmrig miner
Link:
https://tria.ge/reports/201222-dfm3xqdkps/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Legitimate hosting services abused for malware hosting/C2
Blocklisted process makes network request
XMRig Miner Payload
xmrig
Unpacked files
SH256 hash:
f7707fe4c69384493ced8f0defb76e6a9f4921e1ac14ae957329cbf92f1f00b2
MD5 hash:
e0c9000bba3fa60b8221972b1e59cda1
SHA1 hash:
6386138401de8932a59aedd9e93be47357b2c4ed
Link:
https://www.unpac.me/results/a7510f92-2502-4048-9ed7-b8fd40f6db31/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Eldorado
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/f7707fe4c69384493ced8f0defb76e6a9f4921e1ac14ae957329cbf92f1f00b2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CoinMiner

Executable exe f7707fe4c69384493ced8f0defb76e6a9f4921e1ac14ae957329cbf92f1f00b2

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/937443/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/108700/

Comments