MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f6c28303efba53285eab22d2c26aa3688397cabf95947b7877a0d3bc8ab38a6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7f6c28303efba53285eab22d2c26aa3688397cabf95947b7877a0d3bc8ab38a6
SHA3-384 hash: d0f0dc4a82a0cbfe3800dec8cbc19b69fe2333496522abd469a8f7dadca6c9a3e6afe920a2f1f1850f41fcd4c2ad98dc
SHA1 hash: be1d10f369c315909946390ac1a5525370571a86
MD5 hash: 1c4c4e8b7a0e84e698d50877c51242f3
humanhash: happy-iowa-early-early
File name:7f6c28303efba53285eab22d2c26aa3688397cabf95947b7877a0d3bc8ab38a6
Download: download sample
File size:32'256 bytes
First seen:2021-09-06 11:13:04 UTC
Last seen:2021-09-06 11:18:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 384:6dlKJehwX5lbmiw+yxZFSwNpG54jwaALc4ssoeja3khnpwKNsw1lZvStrBYOltO:6dlKJcYzbmiM3FpvjwaAQchcwjQMO
Threatray 3 similar samples on MalwareBazaar
TLSH T1FBE2AE425A20A463DEC744B4F2EB5E265C78670097D0C5D3A190D1E8DF88BE6F93D42B
Reporter JAMESWT_WT
Tags:exe Ginger Communication Hub d.o.o. x509 Certificates

Intelligence

File Origin
# of uploads :
2
# of downloads :
112
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
7f6c28303efba53285eab22d2c26aa3688397cabf95947b7877a0d3bc8ab38a6
Verdict:
Malicious activity
Analysis date:
2021-09-06 11:19:28 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/5f99e795-dbe7-42fa-82ca-70d2c22156c0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/185640/
Detection(s):
SecuriteInfo.com.Trojan.Inject4.16217.9978.4926.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Launching a process
Sending a custom TCP request
Sending a UDP request
Launching cmd.exe command interpreter
Connection attempt
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Unauthorized injection to a system process
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/5434ff7f-7bec-4e32-a4ad-26ce5f2d89c3
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/845947
Signature
Allocates memory in foreign processes
Contains functionality to inject code into remote processes
Contains functionality to inject threads in other processes
Creates a thread in another existing process (thread injection)
Creates an autostart registry key pointing to binary in C:\Windows
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 478378 Sample: mlqbL27O8n Startdate: 06/09/2021 Architecture: WINDOWS Score: 84 52 Multi AV Scanner detection for dropped file 2->52 54 Multi AV Scanner detection for submitted file 2->54 56 Machine Learning detection for sample 2->56 8 mlqbL27O8n.exe 1 4 2->8         started        12 rundll32.exe 2->12         started        14 rundll32.exe 2->14         started        process3 file4 38 C:\Users\user\AppData\...\AppContainerDbg.pfx, PE32 8->38 dropped 58 Creates an autostart registry key pointing to binary in C:\Windows 8->58 16 rundll32.exe 8->16         started        19 conhost.exe 8->19         started        21 rundll32.exe 12->21         started        23 rundll32.exe 14->23         started        signatures5 process6 signatures7 42 Contains functionality to inject threads in other processes 16->42 44 Contains functionality to inject code into remote processes 16->44 46 Writes to foreign memory regions 16->46 25 cmd.exe 13 16->25         started        48 Allocates memory in foreign processes 21->48 50 Creates a thread in another existing process (thread injection) 21->50 28 cmd.exe 13 21->28         started        30 cmd.exe 13 23->30         started        process8 dnsIp9 40 95.179.225.165, 443 AS-CHOOPAUS Netherlands 25->40 32 conhost.exe 25->32         started        34 conhost.exe 28->34         started        36 conhost.exe 30->36         started        process10
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7f6c28303efba53285eab22d2c26aa3688397cabf95947b7877a0d3bc8ab38a6/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-09-02 21:20:31 UTC
File Type:
PE (Exe)
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
afde4b3d64da9dea8c95d5bfa349920a7d74017ac4bdefd41d1cd45002e00ad8
bb12dc21e8647eba9a7a99b1112f1ab729571ca28ac46f3c7edb533574a5de4f
c8989c184174f25a13a23242d9e7d2c99f74ca9e283d1d4b1ad642bdcb89ba63
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/210906-nb12aabaa5/
Behaviour
Suspicious use of WriteProcessMemory
Adds Run key to start application
Loads dropped DLL
Blocklisted process makes network request
Unpacked files
SH256 hash:
21d8d07bda2e863b5119a03e5c400ba6bac9518df2f84e6ca7dcf49e2259355a
MD5 hash:
f49d1be8336b88b01d00e1dfb7362c0a
SHA1 hash:
0f07d359d985fff1e07685334b3fe4d4a031d4d5
Link:
https://www.unpac.me/results/3e8c950b-2526-4112-a674-61ca5e7c49ce/
SH256 hash:
7f6c28303efba53285eab22d2c26aa3688397cabf95947b7877a0d3bc8ab38a6
MD5 hash:
1c4c4e8b7a0e84e698d50877c51242f3
SHA1 hash:
be1d10f369c315909946390ac1a5525370571a86
Link:
https://www.unpac.me/results/3e8c950b-2526-4112-a674-61ca5e7c49ce/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Ginger
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7f6c28303efba53285eab22d2c26aa3688397cabf95947b7877a0d3bc8ab38a6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 7f6c28303efba53285eab22d2c26aa3688397cabf95947b7877a0d3bc8ab38a6

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/185640/
  
URLhaus
https://urlhaus.abuse.ch/url/1596739/
  
Delivery method
Distributed via web download

Comments