Twitch Drops Miner (by DevilXD).exe,chaosv6.exe

Sample information


40

Antivirus detections

0

IDS alerts

3

Processes

0

Http events

0

Contacted hosts

0

DNS Requests

    3


    Score




Blacklist timeline


First seen: Thu Apr 25 2024 03:00:03 GMT+0000
Last seen: Fri Oct 04 2024 16:00:07 GMT+0000
Period: 5 months

Hashes
Filename:
Twitch Drops Miner (by DevilXD).exe,chaosv6.exe
md5:
5a78f297d3b3c9d31a11bc173eb993f9
sha1:
8a1715c052191f2d0666b8be07ec44e726076942
sha256:
a0a65e552cb27f92925f1e95b33ba6b2389d20820dd16691a755390a82e9ea48

In-depth details
Filetype:
PE32+ executable (GUI) x86-64, for MS Windows
Size (Bytes):
270848
Classification:
malicious

Dates
Indexed:
Thu Apr 25 2024 02:50:35 GMT+0000 (a year ago)
Last modified:
Wed Feb 12 2025 05:37:14 GMT+0000 (5 months ago)

Developers can check API Specification here:


Request:

          
# Fetch the Maltiverse sample record for this SHA-256 (replace <API_KEY> with a real token).
sample_sha256='a0a65e552cb27f92925f1e95b33ba6b2389d20820dd16691a755390a82e9ea48'
curl -H "Authorization: Bearer <API_KEY>" "https://api.maltiverse.com/sample/${sample_sha256}"
        

Request:

Alternatively, you can use the Maltiverse Python3 library:
          
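import requests
import json

# Fetch the Maltiverse record for this sample by SHA-256 and pretty-print it.
# Authenticate the same way as the curl and PowerShell examples on this page
# (Bearer token); replace <API_KEY> with a real key.
url = 'https://api.maltiverse.com/sample/a0a65e552cb27f92925f1e95b33ba6b2389d20820dd16691a755390a82e9ea48'
headers = {'Authorization': 'Bearer <API_KEY>'}
# A timeout keeps the script from hanging indefinitely if the API does not answer.
response = requests.get(url, headers=headers, timeout=30)
# Surface HTTP errors (e.g. 401/404) explicitly instead of failing inside response.json().
response.raise_for_status()
print(json.dumps(response.json(), indent=4, sort_keys=True))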
        

Request:

          
# Retrieve the Maltiverse record for this sample hash; substitute a real token for <API_KEY>.
$url = 'https://api.maltiverse.com/sample/a0a65e552cb27f92925f1e95b33ba6b2389d20820dd16691a755390a82e9ea48'
$headers = @{ Authorization = ('Bearer {0}' -f '<API_KEY>') }
# Splat the request parameters so the call reads as one unit.
$irmParams = @{ Uri = $url; Headers = $headers }
$response = Invoke-RestMethod @irmParams
$response | Write-Output
        

Response:

      
{
    "antivirus": [
        {
            "description": "Malicious",
            "name": "APEX"
        },
        {
            "description": "Win64:Evo-gen [Trj]",
            "name": "AVG"
        },
        {
            "description": "Win64:Evo-gen [Trj]",
            "name": "Avast"
        },
        {
            "description": "W64.AIDetectMalware",
            "name": "Bkav"
        },
        {
            "description": "unsafe",
            "name": "Cylance"
        },
        {
            "description": "MALICIOUS",
            "name": "DeepInstinct"
        },
        {
            "description": "W32/PossibleThreat",
            "name": "Fortinet"
        },
        {
            "description": "Win64.Trojan.Agent.HVOHDZ",
            "name": "GData"
        },
        {
            "description": "Detected",
            "name": "Google"
        },
        {
            "description": "Trojan.Win64.Malgent",
            "name": "Ikarus"
        },
        {
            "description": "Riskware ( 00584baa1 )",
            "name": "K7AntiVirus"
        },
        {
            "description": "Riskware ( 00584baa1 )",
            "name": "K7GW"
        },
        {
            "description": "Generic.Malware/Suspicious",
            "name": "Malwarebytes"
        },
        {
            "description": "Trojan.Malware.240204421.susgen",
            "name": "MaxSecure"
        },
        {
            "description": "Artemis!5A78F297D3B3",
            "name": "McAfee"
        },
        {
            "description": "Trojan:Win64/Malgent!MSR",
            "name": "Microsoft"
        },
        {
            "description": "generic.ml",
            "name": "Paloalto"
        },
        {
            "description": "Spyware.Agent!8.C6 (CLOUD)",
            "name": "Rising"
        },
        {
            "description": "BehavesLike.Win64.Dropper.dh",
            "name": "Skyhigh"
        },
        {
            "description": "Mal/Generic-S",
            "name": "Sophos"
        },
        {
            "description": "ML.Attribute.HighConfidence",
            "name": "Symantec"
        },
        {
            "description": "suspicious.low.ml.score",
            "name": "Trapmine"
        },
        {
            "description": "Trojan.MSIL.MALGENT.USBLDO24",
            "name": "TrendMicro"
        },
        {
            "description": "Trojan.MSIL.MALGENT.USBLDO24",
            "name": "TrendMicro-HouseCall"
        },
        {
            "description": "W32.Trojan.MSIL.MALGenT.USBLDO2",
            "name": "Webroot"
        },
        {
            "description": "Trojan.Pytr.Script.85",
            "name": "Zillya"
        },
        {
            "description": "Trojan:Win64/Malgent.44652814",
            "name": "Alibaba"
        },
        {
            "description": "PUA/Agent.khvqd",
            "name": "Avira"
        },
        {
            "description": "W32.Common.337F1333",
            "name": "Bkav"
        },
        {
            "description": "Trojan.Ghanarava.1714281627b993f9",
            "name": "CAT-QuickHeal"
        },
        {
            "description": "exe.trojan.malgent",
            "name": "CTX"
        },
        {
            "description": "Unsafe",
            "name": "Cylance"
        },
        {
            "description": "PotentialRisk.PUA/Agent.khvqd",
            "name": "F-Secure"
        },
        {
            "description": "Trojan.Win32.Agent.tsD1",
            "name": "Lionic"
        },
        {
            "description": "Trojan.Script.Python",
            "name": "Malwarebytes"
        },
        {
            "description": "Trojan.Malware.242370430.susgen",
            "name": "MaxSecure"
        },
        {
            "description": "ti!A0A65E552CB2",
            "name": "McAfeeD"
        },
        {
            "description": "Generic Reputation PUA (PUA)",
            "name": "Sophos"
        },
        {
            "description": "W64/ABApplication.RQGG-3123",
            "name": "Varist"
        },
        {
            "description": "Malware@#3lq5gz5tsa3w7",
            "name": "Xcitium"
        }
    ],
    "blacklist": [
        {
            "count": 23,
            "description": "Generic Malware",
            "first_seen": "2024-04-25 03:00:03",
            "last_seen": "2024-10-04 16:00:07",
            "ref": [
                1
            ],
            "source": "Hybrid-Analysis"
        }
    ],
    "classification": "malicious",
    "creation_time": "2024-04-25 02:50:35",
    "filename": [
        "Twitch Drops Miner (by DevilXD).exe",
        "chaosv6.exe"
    ],
    "filetype": "PE32+ executable (GUI) x86-64, for MS Windows",
    "is_alive": false,
    "is_cdn": false,
    "is_cnc": false,
    "is_distributing_malware": false,
    "is_hosting": false,
    "is_iot_threat": false,
    "is_known_attacker": false,
    "is_known_scanner": false,
    "is_mining_pool": false,
    "is_open_proxy": false,
    "is_phishing": false,
    "is_sinkhole": false,
    "is_storing_phishing": false,
    "is_tor_node": false,
    "is_vpn_node": false,
    "md5": "5a78f297d3b3c9d31a11bc173eb993f9",
    "modification_time": "2025-02-12 05:37:14",
    "process_list": [
        {
            "name": "TwitchDropsMiner_byDevilXD_.exe",
            "normalizedpath": "C:\\TwitchDropsMiner_byDevilXD_.exe",
            "sha256": "a0a65e552cb27f92925f1e95b33ba6b2389d20820dd16691a755390a82e9ea48",
            "uid": "00000000-00000896"
        },
        {
            "name": "TwitchDropsMiner_byDevilXD_.exe",
            "normalizedpath": "C:\\TwitchDropsMiner_byDevilXD_.exe",
            "sha256": "a0a65e552cb27f92925f1e95b33ba6b2389d20820dd16691a755390a82e9ea48",
            "uid": "00000000-00002640"
        },
        {
            "name": "chaosv6.exe",
            "normalizedpath": "C:\\chaosv6.exe",
            "sha256": "a0a65e552cb27f92925f1e95b33ba6b2389d20820dd16691a755390a82e9ea48",
            "uid": "00000000-00001412"
        }
    ],
    "score": 3,
    "scoring_executed_time": "2025-02-12 05:37:14",
    "sha1": "8a1715c052191f2d0666b8be07ec44e726076942",
    "sha256": "a0a65e552cb27f92925f1e95b33ba6b2389d20820dd16691a755390a82e9ea48",
    "size": 270848,
    "type": "sample"
}
    
Process list
uid
00000000-00000896
commandline
name
TwitchDropsMiner_byDevilXD_.exe
normalizedpath
C:\TwitchDropsMiner_byDevilXD_.exe
sha256
a0a65e552cb27f92925f1e95b33ba6b2389d20820dd16691a755390a82e9ea48
uid
00000000-00002640
commandline
name
TwitchDropsMiner_byDevilXD_.exe
normalizedpath
C:\TwitchDropsMiner_byDevilXD_.exe
sha256
a0a65e552cb27f92925f1e95b33ba6b2389d20820dd16691a755390a82e9ea48
uid
00000000-00001412
commandline
name
chaosv6.exe
normalizedpath
C:\chaosv6.exe
sha256
a0a65e552cb27f92925f1e95b33ba6b2389d20820dd16691a755390a82e9ea48