MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 13d5829ecced67bca7295591da922eba16055f0b35279593589f7a65fa9d65a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 6



SHA256 hash: 13d5829ecced67bca7295591da922eba16055f0b35279593589f7a65fa9d65a4
SHA3-384 hash: 531c3940ae2241e4d086c00dfc8d457c3ff0d1b514b345df81046e85a78a43faa13807f9773ef3f4d600d2eb51170451
SHA1 hash: d53d4d096248063cc4a8d35a8ba5e98196cbaf06
MD5 hash: b653e6a0754e8f6f4a0e014a6f2c3879
humanhash: cardinal-music-georgia-low
File name: picture9.dll
Signature: TrickBot
File size: 273'128 bytes
First seen: 2020-06-22 20:04:25 UTC
Last seen: 2020-06-23 07:03:16 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash 7b60cf640727b2e6819c19c9406b96bd (2 x TrickBot)
ssdeep 6144:H7OxV+LiMoewMXE7EmcbgunKwhIXPNI9CgUyKLF66g:6+0ewQvKwyXPNBb86g
Threatray 5'066 similar samples on MalwareBazaar
TLSH 3744E1213260C0B1F566253F5F9DE3766A3A7830AAB0448777A5566C8FA37C09F3139E
Reporter James_inthe_box
Tags: dll

Code Signing Certificate

Organisation: AAA Certificate Services
Issuer: AAA Certificate Services
Algorithm: sha1WithRSAEncryption
Valid from: Jan 1 00:00:00 2004 GMT
Valid to: Dec 31 23:59:59 2028 GMT
Serial number: 01
Intelligence: 364 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Central Blocklist: This certificate is on the Cert Central blocklist
Thumbprint Algorithm: SHA256
Thumbprint: D7A7A0FB5D7E2731D771E9484EBCDEF71D5F0C3E0A2948782BC83EE0EA699EF4
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 3
# of downloads: 75
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.TrickBot
Status: Malicious
First seen: 2020-06-22 20:03:17 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 24 of 29 (82.76%)
Threat level: 5/5

Result
Malware family: trickbot
Score: 10/10
Tags: trojan banker family:trickbot

Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Templ.dll packer
Trickbot
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
