Task Information
Task ID: db113f48-8138-11f0-8fb7-42010aa4000b
File name: 28b1a118.exe
Task parameters: ClamAV scan: True
Unpack: False
Share file: True
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
Rule name: CoinMiner_Strings
Alert
Author: Florian Roth (Nextron Systems)
Description: Detects mining pool protocol string in Executable
Reference: https://minergate.com/faq/what-pool-address
TLP: TLP:WHITE
Rule name: CP_AllMal_Detector
Alert
Author: DiegoAnalytics
Description: CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
TLP: TLP:WHITE
Repository: YARAify
Rule name: DebuggerCheck__API
Alert
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE
Rule name: classified
Author: classified
Description: classified
Reference: classified
TLP: TLP:AMBER
Rule name: MAL_XMR_Miner_May19_1
Alert
Author: Florian Roth (Nextron Systems)
Description: Detects Monero Crypto Coin Miner
Reference: https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
TLP: TLP:WHITE
Rule name: MAL_XMR_Miner_May19_1_RID2E1B
Alert
Author: Florian Roth
Description: Detects Monero Crypto Coin Miner
Reference: https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
TLP: TLP:WHITE
Rule name: PUA_Crypto_Mining_CommandLine_Indicators_Oct21
Alert
Author: Florian Roth (Nextron Systems)
Description: Detects command line parameters often used by crypto mining software
Reference: https://www.poolwatch.io/coin/monero
TLP: TLP:WHITE
Rule name: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20
Alert
Author: Florian Roth (Nextron Systems)
Description: Detects XMRIG crypto coin miners
Reference: https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
TLP: TLP:WHITE
Repository: Neo23x0
Rule name: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20_RID33BA
Alert
Author: Florian Roth
Description: Detects XMRIG crypto coin miners
Reference: https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
TLP: TLP:WHITE
Rule name: SEH__vectored
Alert
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE
Rule name: SUSP_XMRIG_String
Alert
Author: Florian Roth (Nextron Systems)
Description: Detects a suspicious XMRIG crypto miner executable string in file
Reference: Internal Research
TLP: TLP:WHITE
Repository: Neo23x0
Rule name: SUSP_XMRIG_String_RID2D18
Alert
Author: Florian Roth
Description: Detects a suspicious XMRIG crypto miner executable string in file
Reference: Internal Research
TLP: TLP:WHITE
Rule name: ThreadControl__Context
Alert
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE
Rule name: XMRIG_Monero_Miner
Alert
Author: Florian Roth (Nextron Systems)
Description: Detects Monero mining software
Reference: https://github.com/xmrig/xmrig/releases
TLP: TLP:WHITE
Rule name: XMRIG_Monero_Miner_RID2DC1
Alert
Author: Florian Roth
Description: Detects Monero mining software
Reference: https://github.com/xmrig/xmrig/releases
TLP: TLP:WHITE
Rule name: xmrig_v1
Alert
Author: RandomMalware
TLP: TLP:WHITE
Repository: YARAify
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter