Coinminer - Malware Analysis
Common Information
Type Value
UUID 0b83c152-ad82-4d58-8d0d-90b2a6a7a183
Fingerprint 94906ae1897993f3
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 3, 2024, 10:57 a.m.
Added to db Nov. 3, 2024, 12:30 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Coinminer - Malware Analysis
Title Coinminer - Malware Analysis
Detected Hints/Tags/Attributes 89/2/54
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 167 Cybersecurity on Medium https://medium.com/feed/tag/cybersecurity 2024-08-30 22:08
Details 171 Malware on Medium https://medium.com/feed/tag/malware 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 93
bazaar.abuse.ch
Details File 1
coinminer.exe
Details File 271
chrome.exe
Details File 1
abcd.txt
Details File 1208
powershell.exe
Details File 23
'.exe
Details File 2125
cmd.exe
Details File 41
wusa.exe
Details File 118
sc.exe
Details File 9
powercfg.exe
Details File 1
%allusersprofile%\xhzmmmxzrrwn\fqwofdtexigy.exe
Details File 1
c:\coinminer.exe
Details File 8
choice.exe
Details File 1
fqwofdtexigy.exe
Details File 1
w2ehparsup.exe
Details File 59
c:\windows\system32\mrt.exe
Details File 533
ntdll.dll
Details File 1
vps64.exe
Details File 16
winring0.sys
Details File 1
f8bda1038a396707475a9a8db0003e524030fd4f.exe
Details File 33
nslookup.exe
Details File 4
c:\windows\system32\nslookup.exe
Details File 1
c:\windows\temp\lvvrmxqkwnox.sys
Details File 1
c:\programdata\xhzmmmxzrrwn\fqwofdtexigy.exe
Details md5 1
61CC7E8A49ED8D3B193E9394907B7081
Details md5 1
444e574f23ea438cb1649f24e3315ebd
Details md5 1
446dd1cf97eaba21cf14d03aebc79f27
Details md5 1
61cc7e8a49ed8d3b193e9394907b7081
Details sha1 1
3772b0565ade82696b4382d783a96ee4691438ce
Details sha1 1
36e4cc7367e0c7b40f4a8ace272941ea46373799
Details sha1 1
f8bda1038a396707475a9a8db0003e524030fd4f
Details sha256 1
3aeab6e4d9fb1e51c0d94069517fd681ebc9cb4ab5a945650c17e50a19c958a2
Details sha256 1
9abd58c7fbd548a574a9d99c9048e9269428a7c2fa1324d63e177e2460f88eae
Details sha256 1
a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf
Details sha256 1
a2d7b3a0425ac23b1fda3c12674ead2d7cd06ac36ce98b5fe04e1469d618ce3a
Details sha256 6
11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5
Details sha256 1
20b3be3aa8f0130b85379e7862946c6fb6c179a58137ac7dbbcb21a0f4d321cf
Details MITRE ATT&CK Techniques 55
T1553.002
Details MITRE ATT&CK Techniques 348
T1036
Details MITRE ATT&CK Techniques 174
T1569.002
Details MITRE ATT&CK Techniques 180
T1543.003
Details MITRE ATT&CK Techniques 492
T1105
Details MITRE ATT&CK Techniques 243
T1018
Details MITRE ATT&CK Techniques 433
T1057
Details MITRE ATT&CK Techniques 238
T1497
Details MITRE ATT&CK Techniques 297
T1070.004
Details MITRE ATT&CK Techniques 1
T1055.005
Details MITRE ATT&CK Techniques 120
T1129
Details MITRE ATT&CK Techniques 627
T1027
Details MITRE ATT&CK Techniques 157
T1560
Details MITRE ATT&CK Techniques 227
T1574.002
Details Url 1
https://bazaar.abuse.ch/download/b56608aa06ded2deaf07
Details Windows Registry Key 1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
Details Yara rule 1
// Detection rule for the CoinMiner.exe sample referenced in meta.hash1.
// Matches a file that starts with the PE "MZ" marker, falls inside a fixed
// size window and contains every one of the ten byte strings below.
rule CoinMiner {
	meta:
		description = "CoinMiner.exe - 3aeab6e4d9fb1e51c0d94069517fd681ebc9cb4ab5a945650c17e50a19c958a2"
		date = "2024-11-03"
		// Reference sample (SHA-256); the description repeats the same hash.
		hash1 = "3aeab6e4d9fb1e51c0d94069517fd681ebc9cb4ab5a945650c17e50a19c958a2"
	strings:
		// Ten short ASCII sequences (8 to 18 bytes) made of punctuation,
		// digits and a few letters; the embedded \" are escaped double quotes.
		// NOTE(review): none of these reads as text, an API name or a path, so
		// they look like fragments of packed or encoded data from this one
		// build; if so, the rule is effectively specific to this sample rather
		// than the family -- confirm against other samples before relying on
		// it for broader coverage.
		// fullword: a match is only counted when it is not directly preceded
		// or followed by an alphanumeric byte.
		$s1 = "; 2\"+,2*" ascii fullword
		$s2 = "\"/\"$#2!1?" ascii fullword
		$s3 = ":?6==,D >" ascii fullword
		$s4 = "%,!63#*,#%" ascii fullword
		$s5 = "3^:.^)>B#,?!$6=8,:" ascii fullword
		$s6 = ";*-3/%+>0" ascii fullword
		$s7 = "2/<*D<'52" ascii fullword
		$s8 = "^&>\"745.6" ascii fullword
		$s9 = "\"?:=2.&7+" ascii fullword
		$s10 = "_7('7/\"?" ascii fullword
	condition:
		// uint16(0) is a little-endian read of the first two bytes, so 0x5a4d
		// means the bytes 4D 5A ("MZ"), i.e. a DOS/PE header. Both size bounds
		// are strict (5116KB < filesize < 6252KB), and all ten $s strings must
		// be present -- a single differing string is enough to miss.
		uint16(0) == 0x5a4d and filesize < 6252KB and filesize > 5116KB and all of ($s*)
}