MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b65ca1af4590bbec9aa558319c6491db8235a555de83345e71b69feb69163e58. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TrickBot


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b65ca1af4590bbec9aa558319c6491db8235a555de83345e71b69feb69163e58
SHA3-384 hash: 476852b476474acc753bb0f050fcb048e3dcb501bfa117aee379245075c0848215c801b5384607f74230901572e971ac
SHA1 hash: f811ac98c354145cd3e8ea925a6508ce2f667826
MD5 hash: 87ddb1f1b93cd67101823be57183c7ad
humanhash: iowa-two-kentucky-oxygen
File name:update.dll
Download: download sample
Signature TrickBot
Create hunting rule
File size:393'728 bytes
First seen:2020-07-07 12:34:57 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 89ed1bc251d6c3e47d163c5f895ad913 (7 x TrickBot)
ssdeep 6144:1Ws4ARPw5WAOozfAOKmBU7qwVp4VLmX9CeXc47hZrOQ:1WZApiWyDTB4qwuVKFn7v9
Threatray 1'877 similar samples on MalwareBazaar
TLSH CD84CF00B9E2C072C07E13376A19AFB502A9FD214B6CD9F777D81E0E6DB46D07A72652
Reporter JAMESWT_WT
Tags:TrickBot

Intelligence

File Origin
# of uploads :
1
# of downloads :
122
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Unauthorized injection to a system process
Detection:
trickbot
Create hunting rule
Link:
https://mwdb.cert.pl/sample/b65ca1af4590bbec9aa558319c6491db8235a555de83345e71b69feb69163e58/
Threat name:
Win32.Trojan.TrickBot
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 12:35:49 UTC
File Type:
PE (Dll)
Extracted files:
2
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
trickbot
Create hunting rule
emotet
Create hunting rule
Similar samples:
2a29e1eaaff50f90c2a25a9be52a72ae194c2fe302f905818d90f7d5fb9c0437
TrickBot
52f2ed434833d33d042270f665b6e5c08b38fdd8961f7daea60fe6faae786824
TrickBot
5c1df1958b639f2a2fac01fc28190ac4672facd0fe523efdedf2b2a24424d409
TrickBot
8423fefddbb9197ebe12a5e51fb8f06e6dc2c02d6ef68b254faba0d6a63866c5
TrickBot
8c47730867b57083f6ec4ab8c237f32f556c04ee4a973f2fc1c1be2919e49199
TrickBot
97c6fdb81fcc7d56b44c314ad21d2ef5e85299e18cff95cebc54b9192c025902
TrickBot
99d62f68414740eb9e6c2719cf22d67e5f5f4cb3fe0a4be34e7438d826844ff5
TrickBot
a97d416fd7fc1f37199012e44f1d6b1946b59f7d6b92b89d38dbee74a18c7554
TrickBot
b4eb31112cb2d0686ea3e88ab33569a0c902cb14331bb5f12a206d6f61b6b1fe
TrickBot
c7b6b5c5fd0241015dea2d5bf76f50143844676bec4b1a57284af92a75a367db
TrickBot
+ 1'867 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200707-lg261bfh9x/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/22251/

Comments