MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 81d78d9870777d1d4b4714c268931d11048df406ed771f2a285d5c7eea4eb618. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	81d78d9870777d1d4b4714c268931d11048df406ed771f2a285d5c7eea4eb618
SHA3-384 hash:	8e6ea5451a85056ebbfb27bcfe8c380dd7319c7cad360bea89bcf45e290c0947dede4221039707914155faabfb5291a2
SHA1 hash:	8345b066c56ab6a3230e30d60dd6c0152eee4628
MD5 hash:	744ac3691fc4d57f8993f384b90e4da4
humanhash:	ceiling-crazy-steak-high
File name:	SecuriteInfo.com.Trojan.DownLoader33.35922.21710.20577
Download:	download sample
Signature	TrickBot Create hunting rule
File size:	537'600 bytes
First seen:	2020-06-25 01:43:07 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	d2ae535d10bb14d9ea93602643a07e2e (3 x TrickBot)
ssdeep	12288:94FGDjEAWdl4HTPaWZ63aYkEwCgsp5lu:6FGDjg4zSWZ6qYkmgsp5l
Threatray	4'915 similar samples on MalwareBazaar
TLSH	E5B4AE01B2C0C171C06A2B315B3BC7A50BBB7C352D78D60EA799567E1F326429E3779A
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

1

# of downloads :

77

Origin country :

n/a

Vendor Threat Intelligence

Detection:

TrickBot

Link:

https://www.capesandbox.com/analysis/13876/

Detection(s):

SecuriteInfo.com.Trojan.DownLoader33.35922.21710.20577.UNOFFICIAL

PUA.Win.Downloader.Aiis-6803892-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Launching a process

Unauthorized injection to a system process

Detection:

trickbot

Link:

https://mwdb.cert.pl/sample/81d78d9870777d1d4b4714c268931d11048df406ed771f2a285d5c7eea4eb618/

Gathering data

Verdict:

malicious

Label(s):

trickbot

emotet

Similar samples:

13d5829ecced67bca7295591da922eba16055f0b35279593589f7a65fa9d65a4

1455554d5585f68ec7212a6fca985aa7e3bb1904fce6dcfbb9a0b26751cbd23e

5c1df1958b639f2a2fac01fc28190ac4672facd0fe523efdedf2b2a24424d409

7747b1a2bdb135e1fd300b612077bf1b46e8a838369dcd4266cdff6d3aad05b1

8af7651e5c9bbc5e999a745ed4747d9e9e54fb425f824c7438ac07a00f834612

a97d416fd7fc1f37199012e44f1d6b1946b59f7d6b92b89d38dbee74a18c7554

d3490e778e6bab64c1e2e10632335a0f6c58c86155599b22e6b184cf4bf78d83

ea78f793d2de0b9b6da1ddd8530de9c646f3bbaa115f0cbcd7339ddfb5c3b0f7

f277c22cb2b8fb4a9b318ce5328b04919d53119d2041b67727dcdd587024826f

f49c39f852b416f05974b93494c2dd3bdf583bc34f1b0697e235f4ac3742a964

+ 4'905 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/200625-3lqv38ldzs/

Behaviour

Suspicious use of WriteProcessMemory

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/13876/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample