MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 07d2803931b06ba2fa9c0d9e7e46bcd1cd707ef15b7ce0e58dc0564ee1b7a82f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: TrickBot

Vendor detections: 4


SHA256 hash: 07d2803931b06ba2fa9c0d9e7e46bcd1cd707ef15b7ce0e58dc0564ee1b7a82f
SHA3-384 hash: 7550bd9c1fd62b11c2b11e57309bb58bf826f31a72395327df8658614156d0779f57ee61a20f447b0ac825a2285503a6
SHA1 hash: 0997b1afb07e0c9509405b268f630ec9a54778de
MD5 hash: 6b9141d33f4b25b0141a28f28689906d
humanhash: ceiling-nuts-bacon-mars
File name: da3_2020-05-20_18-57.exe
Signature: TrickBot
File size: 256'000 bytes
First seen: 2020-05-22 19:46:58 UTC
Last seen: 2020-05-22 20:43:50 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 964c5fc9740e4f22caf984a7542ad2ae (1 x RaccoonStealer, 1 x TrickBot)
ssdeep: 6144:gLmgj5/B2hvXPAw86qs75ywvn+TX+NTZsnawwLd:gKgd/B2JXYwdcwz
Threatray: 2'929 similar samples on MalwareBazaar
TLSH: 4444F113BAF1C433D4978836146097B0693BA86E3B70CEAB2B9407595E313D257BB747
Reporter: malware_traffic
Tags: exe, gtag: da3, TrickBot

Intelligence


File Origin
# of uploads: 2
# of downloads: 92
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Zenpak
Status: Malicious
First seen: 2020-05-21 21:23:17 UTC
File type: PE (Exe)
Extracted files: 16
AV detection: 27 of 31 (87.10%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: spyware

Behaviour
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- Reads user/profile data of web browsers

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

File type: Executable exe
SHA256: 07d2803931b06ba2fa9c0d9e7e46bcd1cd707ef15b7ce0e58dc0564ee1b7a82f (this sample)
Signature: TrickBot
Delivery method: Distributed via web download

Comments