MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7747b1a2bdb135e1fd300b612077bf1b46e8a838369dcd4266cdff6d3aad05b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 5



SHA256 hash: 7747b1a2bdb135e1fd300b612077bf1b46e8a838369dcd4266cdff6d3aad05b1
SHA3-384 hash: 033829651c334336aa680667f0e8c2dbf6f61369da93884fa56c94a33a7f5597732325c534908fa00fdda617c7db7740
SHA1 hash: 39d9a0014994305be0343e2c77882cdb9dece91a
MD5 hash: 1c9878d3750ac1db98e822f4d835b62d
humanhash: xray-glucose-bravo-bravo
File name: update.dll
Signature: TrickBot
File size: 537'600 bytes
First seen: 2020-06-25 06:29:44 UTC
Last seen: 2020-06-25 07:39:51 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: d2ae535d10bb14d9ea93602643a07e2e (3 x TrickBot)
ssdeep: 12288:94FGDjEAWdl4HTPaWZB3aYkEwCgsp5lu:6FGDjg4zSWZBqYkmgsp5l
Threatray: 4'915 similar samples on MalwareBazaar
TLSH: 80B4AE01B2C0C171C06A2B315B3BC7A50BBB7C352D78D60EA799567E1F326429E3779A
Reporter: abuse_ch
Tags: dll geo TrickBot USA


abuse_ch
Malspam distributing TrickBot:

HELO: rev10-se3-mel.hostedmail.net.au
Sending IP: 43.241.53.9
From: Genesis Phillips <LeoFrankum@healthcare.int>
Reply-To: LeoFrankum@healthcare.int
Subject: coronavirus (covid-19) paycheck application form
Attachment: CoVid_2019_Check_v9380.xls

TrickBot payload URL:
http://81.16.141.208/F3gbNM
http://23.95.231.200/images/update.dll

Intelligence


File Origin
# of uploads: 2
# of downloads: 94
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
Launching a process
Unauthorized injection to a system process
Gathering data
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

TrickBot

DLL dll 7747b1a2bdb135e1fd300b612077bf1b46e8a838369dcd4266cdff6d3aad05b1

(this sample)
