MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f49c39f852b416f05974b93494c2dd3bdf583bc34f1b0697e235f4ac3742a964. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	f49c39f852b416f05974b93494c2dd3bdf583bc34f1b0697e235f4ac3742a964
SHA3-384 hash:	4447595d0a0286303cc67a5fba3a29a68b7c763caa7ec56ef6c1a5e487ea49d6eeb640d6de50ecd7ade938519d335143
SHA1 hash:	324172334b41b8dea44ad6dd270571e393c86631
MD5 hash:	fc56ec8564cb8682924838a3cf6438b3
humanhash:	oven-bacon-robert-earth
File name:	SecuriteInfo.com.Trojan.DownLoader33.35922.19675.18978
Download:	download sample
Signature	TrickBot Create hunting rule
File size:	537'600 bytes
First seen:	2020-06-25 00:51:55 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	d2ae535d10bb14d9ea93602643a07e2e (3 x TrickBot)
ssdeep	12288:94FGDjEAWdl4HTPaWZZ3aYkEwCgsp5lu:6FGDjg4zSWZZqYkmgsp5l
Threatray	4'914 similar samples on MalwareBazaar
TLSH	78B4AE01B2C0C171C06A2B315B3BC7A50BBB7C352D78D60EA799567E1F326429E3779A
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

1

# of downloads :

73

Origin country :

n/a

Vendor Threat Intelligence

Detection:

TrickBot

Link:

https://www.capesandbox.com/analysis/13872/

Detection(s):

SecuriteInfo.com.Trojan.DownLoader33.35922.19675.18978.UNOFFICIAL

PUA.Win.Downloader.Aiis-6803892-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Launching a process

Unauthorized injection to a system process

Detection:

trickbot

Link:

https://mwdb.cert.pl/sample/f49c39f852b416f05974b93494c2dd3bdf583bc34f1b0697e235f4ac3742a964/

Gathering data

Verdict:

malicious

Label(s):

trickbot

emotet

Similar samples:

13d5829ecced67bca7295591da922eba16055f0b35279593589f7a65fa9d65a4

1455554d5585f68ec7212a6fca985aa7e3bb1904fce6dcfbb9a0b26751cbd23e

5c1df1958b639f2a2fac01fc28190ac4672facd0fe523efdedf2b2a24424d409

7747b1a2bdb135e1fd300b612077bf1b46e8a838369dcd4266cdff6d3aad05b1

81d78d9870777d1d4b4714c268931d11048df406ed771f2a285d5c7eea4eb618

8af7651e5c9bbc5e999a745ed4747d9e9e54fb425f824c7438ac07a00f834612

a97d416fd7fc1f37199012e44f1d6b1946b59f7d6b92b89d38dbee74a18c7554

d3490e778e6bab64c1e2e10632335a0f6c58c86155599b22e6b184cf4bf78d83

ea78f793d2de0b9b6da1ddd8530de9c646f3bbaa115f0cbcd7339ddfb5c3b0f7

f277c22cb2b8fb4a9b318ce5328b04919d53119d2041b67727dcdd587024826f

+ 4'904 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/200625-xhpp458bxs/

Behaviour

Suspicious use of WriteProcessMemory

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/13872/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample