MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a4fb42f8ed934b5400dd309716a833199a3591b5167dc86f78094f2e7506c36c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 3



SHA256 hash: a4fb42f8ed934b5400dd309716a833199a3591b5167dc86f78094f2e7506c36c
SHA3-384 hash: 5c22e696130c5aa7e9d1c6fab2f7ac0516df0ba1e9ab6733674c75acadc8e509a0447bfae260d5c8c568f081ff144ebd
SHA1 hash: 8addf3cd6c9e6d35e2a5f75219dbad5445420577
MD5 hash: ffa2b643f720061868b1af3a52f19a9c
humanhash: mars-video-five-social
File name: Reminder_106599.xls
Signature: TrickBot
File size: 348'677 bytes
First seen: 2020-07-10 17:50:32 UTC
Last seen: Never
File type: Excel file xls
MIME type: application/vnd.ms-excel
ssdeep: 6144:9k3hOdsylKlgryzc4bNhZF+E+W2knAglg8FNRlU3vXu3fD+DXaoVTyS1OMmwdra0:YjrRlUfe3sat4Q9rDC
TLSH: 847438D5F3AACE7BC6A7CABD4E4B82B1572DEC01916903C325D4B2383E6D2789D494C1
Reporter: abuse_ch
Tags: AUS chil65 geo TrickBot xls


abuse_ch
TrickBot payload URL:
http://45.11.183.78/6f04e0be46qb4Zc.php

Intelligence


File Origin

# of uploads: 1
# of downloads: 137
Origin country: n/a

Vendor Threat Intelligence

Threat name: Document-Excel.Trojan.Abracadabra
Status: Malicious
First seen: 2020-07-10 17:52:06 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 5/5

Result

Malware family: n/a
Score: 8/10
Tags: macro

Behaviour

Suspicious Office macro

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: SharedStrings
Author: Katie Kleemola
Description: Internal names found in LURK0/CCTV0 samples

Rule name: SUSP_EnableContent_String_Gen
Author: Florian Roth
Description: Detects suspicious string that asks to enable active content in Office Doc
Reference: Internal Research

File information


The table below shows additional information about this malware sample such as delivery method and external references.

TrickBot

Excel file xls a4fb42f8ed934b5400dd309716a833199a3591b5167dc86f78094f2e7506c36c (this sample)
