MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 344c8c5dceb22b732dad7d1053fcea10b0a4edfb4a13d824458b455b44bc23d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TrickBot


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 344c8c5dceb22b732dad7d1053fcea10b0a4edfb4a13d824458b455b44bc23d9
SHA3-384 hash: c642ee50cab19e61d8c0bb7aee45bcdee7d364732b86f3500ab6ed88c2d366fb3ffd6a5d38ca5733a2bc4a7c0d40e661
SHA1 hash: 445226cb0cd18773d17f638cf375a1e0af907ad0
MD5 hash: 2f7a03197c6232d3290a3538af1f57e0
humanhash: mississippi-red-oregon-spring
File name:update.dll
Download: download sample
Signature TrickBot
Create hunting rule
File size:379'904 bytes
First seen:2020-07-15 15:26:02 UTC
Last seen:2020-07-15 16:12:05 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 46372121a0181bf949ca9b067a73b4d3 (1 x TrickBot)
ssdeep 6144:OaMsBA3inPmmgAWb8bT438RXN2cAYtx1XhRxf8da11SrmJQUB:OaMsmClHEmXbntx1360zby
Threatray 5'009 similar samples on MalwareBazaar
TLSH 8A84AE20B58680B5D26F023508A9D72F917DB9724FF3DACB77AB4D6D1A300D05E397A2
Reporter JAMESWT_WT
Tags:TrickBot

Intelligence

File Origin
# of uploads :
2
# of downloads :
119
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Unauthorized injection to a system process
Detection:
trickbot
Create hunting rule
Link:
https://mwdb.cert.pl/sample/344c8c5dceb22b732dad7d1053fcea10b0a4edfb4a13d824458b455b44bc23d9/
Threat name:
Win32.Trojan.TrickBot
Create hunting rule
Status:
Malicious
First seen:
2020-07-15 15:27:04 UTC
File Type:
PE (Dll)
Extracted files:
2
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
trickbot
Create hunting rule
emotet
Create hunting rule
Similar samples:
609e31ea76f18dfea881714286f5162cadd463e5bd48bf8ce44409567089e008
TrickBot
7588c648467a20e9dc7e81fcb747904cba11cae72c9274a342950bd82093171d
TrickBot
83e9076753760835170cb3a4cbab7a3d8f72c458ccfc4e292f6927fd0f231d3e
TrickBot
8423fefddbb9197ebe12a5e51fb8f06e6dc2c02d6ef68b254faba0d6a63866c5
TrickBot
92a21062a5697b5ac7050d82b5279443d444f4a3852c485b857774a31d0f290f
TrickBot
a97d416fd7fc1f37199012e44f1d6b1946b59f7d6b92b89d38dbee74a18c7554
TrickBot
b65ca1af4590bbec9aa558319c6491db8235a555de83345e71b69feb69163e58
TrickBot
c54495e55e1b18bea4e6e36ab10dadb115db761a4255f7379f268eb9e28e96d4
TrickBot
c7b6b5c5fd0241015dea2d5bf76f50143844676bec4b1a57284af92a75a367db
TrickBot
cd327c510c630f47d64c6e7bde422574480f57f6c455d41a2b0c7072e43779f7
TrickBot
+ 4'999 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200715-2k1j7bb9dn/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/26076/

Comments