MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea78f793d2de0b9b6da1ddd8530de9c646f3bbaa115f0cbcd7339ddfb5c3b0f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 5



SHA256 hash: ea78f793d2de0b9b6da1ddd8530de9c646f3bbaa115f0cbcd7339ddfb5c3b0f7
SHA3-384 hash: 4395810a51676b3a1a33f8522f2f6e1267b777b1d219e6ded395a124181c3829be8ce7b013fb2d9ea32db0063728f5a8
SHA1 hash: a438bf8bcb9b1e12c5fa7c0823e788cbc4f8b3c3
MD5 hash: 43657e9054123c5f13cfdff473867680
humanhash: jig-red-harry-nebraska
File name: service.nmzz
Signature: TrickBot
File size: 396'288 bytes
First seen: 2020-06-24 01:16:49 UTC
Last seen: 2020-06-24 07:50:23 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 3ee4b0647aa5e5f50afc7eda2ea7a6f3 (2 x TrickBot)
ssdeep: 6144:SEEyMUyA3ieNKViG3myG+pbZXY0LPvV8+tBLPOUoHW6u:SbyMUyAShVvWyB5ZX/rntxoF
Threatray: 4'927 similar samples on MalwareBazaar
TLSH: EC841BACB15020A9868DD227E13BEB70BBE874333B109C555A8B9F711C86987DD4DFC9
Reporter: malware_traffic
Tags: dll gi6 TrickBot


malware_traffic
Trickbot gtag: gi6
e-vote themed docs (not docx files, but doc files)

Intelligence


File Origin
# of uploads: 3
# of downloads: 82
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.TrickBot
Status: Malicious
First seen: 2020-06-24 01:18:05 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 19 of 29 (65.52%)
Threat level: 5/5

Result
Malware family: trickbot
Score: 10/10
Tags: trojan banker family:trickbot

Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Templ.dll packer
Trickbot
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
