MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1455554d5585f68ec7212a6fca985aa7e3bb1904fce6dcfbb9a0b26751cbd23e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	1455554d5585f68ec7212a6fca985aa7e3bb1904fce6dcfbb9a0b26751cbd23e
SHA3-384 hash:	8cbbbb7d701ba5808d5cb25351ee0235ed6e6209600290193bb509cd011112f822a92178495974c0ca58c08d200e776d
SHA1 hash:	d59f71f4efaeb78c58d97547d94ff497840b35c6
MD5 hash:	dffb9f95e00c7874eef7b63fcbeaf340
humanhash:	washington-aspen-leopard-robert
File name:	picture9.dll
Download:	download sample
Signature	TrickBot Create hunting rule
File size:	263'168 bytes
First seen:	2020-06-23 06:40:09 UTC
Last seen:	2020-06-23 13:07:47 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	7b60cf640727b2e6819c19c9406b96bd (2 x TrickBot)
ssdeep	6144:z7OxV+LcMoewMXE7EmcbgunKwhIXPNI9CgUyKLF66:G++ewQvKwyXPNBb86
Threatray	1'984 similar samples on MalwareBazaar
TLSH	2544E1213261C0F1F56A253F4F5DE3761A3B6830AAB1448777E55A6C8FA36809F3139E
Reporter	abuse_ch
Tags:	dll TrickBot

abuse_ch

TrickBot payload URL:
https://lawyersblog.net/777/picture9.dll

Intelligence

File Origin

# of uploads :

3

# of downloads :

76

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/12858/

Detection(s):

PUA.Win.Downloader.Aiis-6803892-0

Detection:

trickbot

Link:

https://mwdb.cert.pl/sample/1455554d5585f68ec7212a6fca985aa7e3bb1904fce6dcfbb9a0b26751cbd23e/

Threat name:

Win32.Trojan.TrickBot

Status:

Malicious

First seen:

2020-06-23 06:42:05 UTC

File Type:

PE (Dll)

Extracted files:

1

AV detection:

25 of 29 (86.21%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=crkvktkvqx3i5rzbfjx4vgc2u7r3wgie7ttnz65zuczgouol2i7a._file

Verdict:

malicious

Label(s):

trickbot

emotet

Similar samples:

024d1e75caece924601857b3e631b56936784215267c89d4ebc20f32258fa689

09e3570fe057bd4931487abc899f3ce06e3c48aa7e248d83fa9580003b0eac32

348c1970f3ce0b20eda196db27b3596864d8e99bedf575855aa35f5b5f5fc084

5b53e93d56e20740ef468c0dc16bf4b0dc459007637874f1b2e8094f7d41e0a2

5c1df1958b639f2a2fac01fc28190ac4672facd0fe523efdedf2b2a24424d409

8423fefddbb9197ebe12a5e51fb8f06e6dc2c02d6ef68b254faba0d6a63866c5

9aa0f2a8b7cf8b2943a8d95a4808170aeae514e14cd318f5e8ab200e6e846838

a97d416fd7fc1f37199012e44f1d6b1946b59f7d6b92b89d38dbee74a18c7554

b4eb31112cb2d0686ea3e88ab33569a0c902cb14331bb5f12a206d6f61b6b1fe

cd327c510c630f47d64c6e7bde422574480f57f6c455d41a2b0c7072e43779f7

+ 1'974 additional samples on MalwareBazaar

Result

Malware family:

trickbot

Score:

10/10

Tags:

trojan banker family:trickbot

Link:

https://tria.ge/reports/200624-hsr83jfbea/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Templ.dll packer

Trickbot

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll 1455554d5585f68ec7212a6fca985aa7e3bb1904fce6dcfbb9a0b26751cbd23e

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/400644/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/12858/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample