MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c1df1958b639f2a2fac01fc28190ac4672facd0fe523efdedf2b2a24424d409. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 9



SHA256 hash: 5c1df1958b639f2a2fac01fc28190ac4672facd0fe523efdedf2b2a24424d409
SHA3-384 hash: 9ef4275942c8cb4aa9b58c146664f20572c983c00c685f957b689e374d4c067151f3df14d1725ff14d7521acaa4e986f
SHA1 hash: 7b5dba57f7a081234ec38abda016b32d6316e02b
MD5 hash: 03e9151a3d9a64b536adaaa8a455d73d
humanhash: leopard-maine-hawaii-potato
File name: update.dll
Signature: TrickBot
File size: 280'576 bytes
First seen: 2020-07-20 14:49:29 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: bd9ae4d9acfc94b704f6f20956751799 (2 x TrickBot)
ssdeep: 6144:+iSA0kBRgWsDuNTymeKDrLO9TQ4uj5W1CEi:+iSA0kBRBpLO5Qlc1CJ
Threatray: 2'085 similar samples on MalwareBazaar
TLSH: B854E00232D2E071E5AF463D48256F050B7EBCB2DBF1999B7B84161E6A342C0DF35B66
Reporter: abuse_ch
Tags: chil72 dll GBR geo TrickBot


abuse_ch
Malspam distributing TrickBot:

HELO: mx-out.tlen.pl
Sending IP: 193.222.135.142
From: ernstpaginajpx@go2.pl <ernstpaginajpx@go2.pl>
Subject: Past due charge to Holmes Place
Attachment: Notification_91870.xls

TrickBot payload URL:
http://198.50.138.24/aGZSw2PkwAs9Hi.php
http://5.182.210.224/images/update.dll

Intelligence


File Origin
# of uploads: 1
# of downloads: 101
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Suspicious
Maliciousness:

Behaviour
Launching a process
Unauthorized injection to a system process
Result
Threat name: Trickbot
Detection: malicious
Classification: troj.spyw.evad
Score: 96 / 100
Behaviour
Behavior Graph:
Threat name: Win32.Trojan.TrickBot
Status: Malicious
First seen: 2020-07-20 14:51:05 UTC
AV detection: 22 of 28 (78.57%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

TrickBot

DLL dll 5c1df1958b639f2a2fac01fc28190ac4672facd0fe523efdedf2b2a24424d409

(this sample)
