MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b3612f6b835ceef3d1902201dc7fd01a1ad987f6aebc8ce8d288f7c881b6ef3d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TrickBot


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b3612f6b835ceef3d1902201dc7fd01a1ad987f6aebc8ce8d288f7c881b6ef3d
SHA3-384 hash: d68298a7ba1a76e46bbb3f65662a04ead4080afb8f2e68daeeae266130881379b4cb573b9aea350cf20a8d9e4e877d15
SHA1 hash: ba3f321023822eb21de668c5e3161f6e526652ce
MD5 hash: f79acb2dca6051d9af8c8765068a344c
humanhash: glucose-asparagus-shade-magnesium
File name:SecuriteInfo.com.Win32.Injector.ELOQ.12595
Download: download sample
Signature TrickBot
Create hunting rule
File size:196'608 bytes
First seen:2020-04-22 15:10:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 25e54914a42b39f6bbf362d77d56d37e (1 x TrickBot)
ssdeep 1536:Iw5YINgJ0EB3N+c5B087xrj8Amk1udb8cvbbUY34sdRBMp+WkV3TPlVMeS:D5YxxJM6ZrAAtOoc57deWCr
Threatray 524 similar samples on MalwareBazaar
TLSH 5B14F7417E70A8B2C62006312FDACB7ED2647DE5C9E1865F7050772EEF722C61AA117E
Reporter SecuriteInfoCom
Tags:TrickBot

Intelligence

File Origin
# of uploads :
1
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Win32.Injector.ELOQ.12595.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-04-22 12:15:13 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wnqs624dltxphumqeia5y76qdinntb7wv26iz2gsrd34ranw546q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0b1dbd3162f501371ca4d99f39e0ad1631ab1d9698bf19bdd45163319fc0310b
TrickBot
12846f275b6c95522b1b02433f0b11ea979cc328e0ea607c9d706b222d6ebd5a
TrickBot
14ae7654cdca531998549d66f162a7d82ddf752289c6f599f3d2e8b7d5b918b4
TrickBot
24cd2ace09c7a8fd8793310e910e6b5cad27dd5333bf6251fe8944a5160cebbb
TrickBot
2d403f971f502d2423b11dcca6424edc460b6c290cb76107d7f36a37565791e8
TrickBot
39067a6a8ac06d60189b34afbb9acd73e8e33aba91653c39a037c2f78f972f29
TrickBot
5d31ded12c6a8943f96522d5353af0d3bbb9a5ee81cef07db1c14c7cc0f117c6
TrickBot
9b330bb1491b230182ada7cd439a91edbf552bae7494a2ce6ebf55726660b086
TrickBot
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
TrickBot
e380dd9160bd4addca9a318590214df89713f9bcc7f9c0eede48f452274c8e82
TrickBot
+ 514 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

TrickBot

Executable exe b3612f6b835ceef3d1902201dc7fd01a1ad987f6aebc8ce8d288f7c881b6ef3d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/348143/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments