MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fab7787c4091df4416960dd16b043e78c1e63e70db42841094a073912a7c39f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CoinMiner

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	fab7787c4091df4416960dd16b043e78c1e63e70db42841094a073912a7c39f7
SHA3-384 hash:	242aa3a1a0b36ef47352a3d0657642390a0786f596db95223757cd432fad76f85dd5428329056ec12fe5c6e23b887a1b
SHA1 hash:	5a481e8dba3df6b5a16dc3f22da038afa439f2f4
MD5 hash:	55fe248d64630753d644e6cce8075364
humanhash:	alaska-lake-indigo-foxtrot
File name:	55fe248d64630753d644e6cce8075364.exe
Download:	download sample
Signature	CoinMiner Create hunting rule
File size:	3'273'618 bytes
First seen:	2021-10-13 17:04:32 UTC
Last seen:	2021-10-13 18:18:39 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	c05041e01f84e1ccca9c4451f3b6a383 (141 x RedLineStealer, 101 x GuLoader, 64 x DiamondFox)
ssdeep	49152:Wg3mEwprI6Uv4B4tpzvXoJkM1P5dlFN7JNlr1SR3eDawS8N+1RzxrooU:HWEwppS4B4tBT6PrzN7Jf1OpH0oU
Threatray	1'311 similar samples on MalwareBazaar
TLSH	T154E5339B2FB4DC17E324C970BD6090E8A4D20C77E15C8345E780B71EB37B9997929A9C
File icon (PE):
dhash icon	f0dc96978e8edcf0 (2 x CoinMiner, 1 x ArkeiStealer, 1 x RedLineStealer)
Reporter	abuse_ch
Tags:	CoinMiner exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

188

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

55fe248d64630753d644e6cce8075364.exe

Verdict:

No threats detected

Analysis date:

2021-10-13 20:02:29 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/a641183a-73c0-4a21-8bc3-b31f2e609232

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/197310/

Detection(s):

SecuriteInfo.com.Trojan.InjectNET.14.30557.9982.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

overlay packed

Link:

https://www.filescan.io/uploads/616711c51c2d58ba7405084a/reports/f6a2d5d3-92e9-496b-b6c3-fc0f2221982e/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/1f8a6568-96ee-4681-a352-33a929438884

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/869877

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/fab7787c4091df4416960dd16b043e78c1e63e70db42841094a073912a7c39f7/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2021-10-13 17:07:45 UTC

AV detection:

22 of 45 (48.89%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

2d3675bba3da579b093fd576fca9d1a47a3100d358391b5b7f3a368ee35a69e7

384b35bfb6d07dda3ea948bb9aa47a3024822ff40d21a13932381d6386643acc

624e6882f3abb051fa7f30627720356a12b5168c83018f192ae6e96dded6def6

788510bf3fc20aacc76bd0ed1884ff8452f4e79023f2f3ad3072efbd7e74139d

7d803e44c98cd23b971f692182f8d1d508fe82fb0fd6b681e7896c552d88411a

80b056a8c2fee08fd3361a8a271dea407425ca335275d49f81a1c50a06d9ed98

8532972f199b85a336710c894ddebea7560f7f19c774b52a0d648275960e4db4

ab8d377d550ebae841ab75d2d6257fb38960efc049037bbd2468483871897e5d

eddbfe52ba633950c388e0303d5a04453f9ba9e3a3cdc60f9a1355707cd209e6

f2fcd49dd7ce2e64415e73f5276e813e90d53dea18f5fba68e1c8b55e0c1f631

+ 1'301 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/211013-vlv2caeff9/

Behaviour

Enumerates physical storage devices

Unpacked files

SH256 hash:

fab7787c4091df4416960dd16b043e78c1e63e70db42841094a073912a7c39f7

MD5 hash:

55fe248d64630753d644e6cce8075364

SHA1 hash:

5a481e8dba3df6b5a16dc3f22da038afa439f2f4

Link:

https://www.unpac.me/results/602a624f-8e11-40d8-aa81-276919f50480/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.22

Link:

https://yomi.yoroi.company/submissions/fab7787c4091df4416960dd16b043e78c1e63e70db42841094a073912a7c39f7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe fab7787c4091df4416960dd16b043e78c1e63e70db42841094a073912a7c39f7

(this sample)

Cape

Cape

https://www.capesandbox.com/analysis/197310/

URLhaus

https://urlhaus.abuse.ch/url/1646847/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample