MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3dfb4e7ca12b7176a0cf12edce288b26a970339e6529a0b2dad7114bba0e16c3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TrickBot


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3dfb4e7ca12b7176a0cf12edce288b26a970339e6529a0b2dad7114bba0e16c3
SHA3-384 hash: d213bca8c52f162fe019286a845151219e808948a790f39c82c4911b56cd340d4170102052fe624dad333df2b3ef3214
SHA1 hash: 82c6615db16db8fa5c25ed3ba9ee2ba4758872b4
MD5 hash: 6d000056522c9f92b027e0c443667485
humanhash: lima-tennessee-colorado-early
File name:slcaa.bin
Download: download sample
Signature TrickBot
Create hunting rule
File size:1'755'536 bytes
First seen:2020-06-18 06:25:14 UTC
Last seen:2020-06-18 06:51:16 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c1c4b1aade797a8eb8c1fad55ebbfdf4 (1 x TrickBot)
ssdeep 12288:jQTmSpXrXEiYXEXmLu66ELuL0aghaw9EMhfXnXHX3XXXnXnXXXHHHXnXX33X3Xn2:mmSSi6LDK43kw9phO
Threatray 196 similar samples on MalwareBazaar
TLSH A18517B121594E5FF2CE913DAC92EE332DAD693850E7F1D0AB05263BF4AC8785D78091
Reporter JAMESWT_WT
Tags:CobaltStrike Loader TrickBot

Code Signing Certificate

Organisation:Big Agency a.s.
Issuer:Sectigo RSA Code Signing CA
Algorithm:sha256WithRSAEncryption
Valid from:May 27 00:00:00 2020 GMT
Valid to:May 27 23:59:59 2021 GMT
Serial number: E9C3AF3C42E06F7E20A34B81F69E9630
Thumbprint Algorithm:SHA256
Thumbprint: E12553ABE3CB9EBC4AEDE08D36F75BCD94D1B4AF094D30160FBB6231F5D76F1D
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/19691/
Detection(s):
SecuriteInfo.com.Mal.Generic-S.9030.29718.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Ransomware.Wasted
Create hunting rule
Status:
Malicious
First seen:
2020-06-17 10:29:27 UTC
File Type:
PE (Exe)
Extracted files:
3
AV detection:
39 of 48 (81.25%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
trickbot
Create hunting rule
Similar samples:
2f72550c99a297558235caa97d025054f70a276283998d9686c282612ebdbea0
TrickBot
34d38e1cf8761561180c63079d63c277b92959359278be8d020391524dece203
TrickBot
389f2000a22e839ddafb28d9cf522b0b71e303e0ae89e5fc2cd5b53ae9256848
TrickBot
4d71f1eab01045de9ae76ea248be7746bad70c12ad977eeb6e8f8e46bbce6395
TrickBot
70eae6d411554b0587f9bc3e7e7cc753e81b8086310dc5fa8181c44632fe1ada
TrickBot
8668a50a557e2b402d105cd44953bcb7f2a854b34ed6fa89daabe706f809ce32
TrickBot
96c441a2676616cbc2869de5adf4215bdad4603d970f956cc3de927301599257
TrickBot
a68210378135bd42e9a1a8e854fb0cab06f58ffcab9a8583f0654fe9807c5555
TrickBot
e571cd3a4c0744cb3c5443b868577adced331a7545fcb6e2ed0efbe7506a2f9b
TrickBot
f241b9ad9deb20f65e777ea5349b27ca5c70e74c1ca7d82413bcf0b03b8054c8
TrickBot
+ 186 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion spyware trojan
Link:
https://tria.ge/reports/200624-1c1r7ey646/
Behaviour
Modifies system certificate store
Malware Config
C2 Extraction:
http://websitelistbuilder.com:443/jquery-3.3.1.min.js
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/19691/

Comments