MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb12dc21e8647eba9a7a99b1112f1ab729571ca28ac46f3c7edb533574a5de4f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bb12dc21e8647eba9a7a99b1112f1ab729571ca28ac46f3c7edb533574a5de4f
SHA3-384 hash: 153869d35550b72f495545a6cfa00832e7fde5baf9874335b92b38d6e8fb9a02df341aff8f665c3b18d6856b0effac59
SHA1 hash: e8172f96276c735c672557cc140143cd5b403fca
MD5 hash: f56b470f0f5518709633494dbff2c26d
humanhash: burger-hawaii-texas-march
File name:bb12dc21e8647eba9a7a99b1112f1ab729571ca28ac46f3c7edb533574a5de4f.bin
Download: download sample
File size:27'192 bytes
First seen:2021-09-06 11:13:10 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
ssdeep 384:lehwX5lbmiw+yxZFSwNpG54jwaALc4ssoeja3khnpwKNsw1lZvStrBYr:lcYzbmiM3FpvjwaAQchcwjQMr
Threatray 3 similar samples on MalwareBazaar
TLSH T141C29E825A605443DFC784B4F1EB4E665C74A701A7D0C9E39290D2E8DE887E6BA7C43F
Reporter JAMESWT_WT
Tags:dll Ginger Communication Hub d.o.o. signed

Code Signing Certificate

Organisation:Ginger Communication Hub d.o.o.
Issuer:Sectigo Public Code Signing CA R36
Algorithm:sha384WithRSAEncryption
Valid from:2021-07-29T00:00:00Z
Valid to:2022-07-29T23:59:59Z
Serial number: c47641d5bf6c869c7b33321e2c39fb1a
Thumbprint Algorithm:SHA256
Thumbprint: 4d74119db465401770088dfd0185e3e148b3079c2537d64b87590d64da35bf8b
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
108
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/185641/
Detection(s):
SecuriteInfo.com.Variant.Doina.21836.7073.27555.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1b9c5acb-af82-42d5-9dd1-3de7631c1b07
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/845948
Signature
Allocates memory in foreign processes
Contains functionality to inject code into remote processes
Contains functionality to inject threads in other processes
Creates a thread in another existing process (thread injection)
Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 478379 Sample: NraoWAvlPJ.bin Startdate: 06/09/2021 Architecture: WINDOWS Score: 68 36 Multi AV Scanner detection for submitted file 2->36 9 loaddll32.exe 1 2->9         started        process3 process4 11 rundll32.exe 9->11         started        14 cmd.exe 1 9->14         started        16 rundll32.exe 9->16         started        signatures5 44 Contains functionality to inject threads in other processes 11->44 46 Contains functionality to inject code into remote processes 11->46 48 Writes to foreign memory regions 11->48 18 cmd.exe 13 11->18         started        21 rundll32.exe 14->21         started        50 Allocates memory in foreign processes 16->50 52 Creates a thread in another existing process (thread injection) 16->52 24 cmd.exe 13 16->24         started        process6 dnsIp7 34 95.179.225.165, 443 AS-CHOOPAUS Netherlands 18->34 26 conhost.exe 18->26         started        38 Writes to foreign memory regions 21->38 40 Allocates memory in foreign processes 21->40 42 Creates a thread in another existing process (thread injection) 21->42 28 cmd.exe 13 21->28         started        30 conhost.exe 24->30         started        signatures8 process9 process10 32 conhost.exe 28->32         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bb12dc21e8647eba9a7a99b1112f1ab729571ca28ac46f3c7edb533574a5de4f/
Threat name:
Win32.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2021-09-03 05:55:49 UTC
File Type:
PE (Dll)
AV detection:
14 of 28 (50.00%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
7f6c28303efba53285eab22d2c26aa3688397cabf95947b7877a0d3bc8ab38a6
afde4b3d64da9dea8c95d5bfa349920a7d74017ac4bdefd41d1cd45002e00ad8
c8989c184174f25a13a23242d9e7d2c99f74ca9e283d1d4b1ad642bdcb89ba63
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210906-nb12aaebcq/
Behaviour
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Unpacked files
SH256 hash:
bb12dc21e8647eba9a7a99b1112f1ab729571ca28ac46f3c7edb533574a5de4f
MD5 hash:
f56b470f0f5518709633494dbff2c26d
SHA1 hash:
e8172f96276c735c672557cc140143cd5b403fca
Link:
https://www.unpac.me/results/bafc8741-09c8-430d-93b5-a4cf19fca23f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/bb12dc21e8647eba9a7a99b1112f1ab729571ca28ac46f3c7edb533574a5de4f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/185641/

Comments