MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 088d508c5f4509185682108b422dcce6d1ca6ce82258f1340ab4e330da067b22. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 8



SHA256 hash: 088d508c5f4509185682108b422dcce6d1ca6ce82258f1340ab4e330da067b22
SHA3-384 hash: c731c8f78062ff360e15401933d711d0b8ba657d3db75d6c2be7ab19d6c8f97d6092ebc7102eb75e02679e7c80e47f78
SHA1 hash: d040e2a1d29f0b37a5e888d2402432d78440cb54
MD5 hash: 2939f396d5b175b2e1f28b05c09e812b
humanhash: gee-artist-cardinal-uranus
File name: SecuriteInfo.com.W32.AIDetect.malware2.15740.10016
Signature TrickBot
File size: 544'768 bytes
First seen: 2021-04-07 22:37:03 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash f9b1213ff998546e2cafbc29182e1fe5 (1 x TrickBot)
ssdeep 6144:H4Qq8J8SuK1ypY23lAF3oUooua2TXOGUIQ33wodqrxWWYwPPydyqBh+hF62S:HB1J8Su7bgYbDkrErxQ1y/pS
Threatray 699 similar samples on MalwareBazaar
TLSH 80C4D0247A51C270E07F07B9CDB389BC45796DF21A65C543BF8A2B2D4F603D9AA36306
Reporter SecuriteInfoCom
Tags: TrickBot

Intelligence


File Origin
# of uploads: 1
# of downloads: 330
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: SecuriteInfo.com.W32.AIDetect.malware2.15740.10016
Verdict: Malicious activity
Analysis date: 2021-04-07 22:41:06 UTC
Tags: evasion

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Creating a file in the %temp% directory
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: TrickBot
Detection: malicious
Classification: troj
Score: 68 / 100
Signature
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Trickbot
Result
Malware family: trickbot
Score: 10/10
Tags: family:trickbot botnet:yas58 banker trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Trickbot
Malware Config
C2 Extraction:
Unpacked files
SHA256 hash: 5be7bc61cc6dd239113ee1519db73659f29e2cea994abe5724cb95926c986ad1
MD5 hash: 936eb108a918368ab3fc9791c102dc28
SHA1 hash: ac165b5720a4ca8f882f1ad9f7fe82620d0b89f8
Detections: win_trickbot_a4 win_trickbot_auto
SHA256 hash: 088d508c5f4509185682108b422dcce6d1ca6ce82258f1340ab4e330da067b22
MD5 hash: 2939f396d5b175b2e1f28b05c09e812b
SHA1 hash: d040e2a1d29f0b37a5e888d2402432d78440cb54
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

TrickBot

Executable exe 088d508c5f4509185682108b422dcce6d1ca6ce82258f1340ab4e330da067b22

(this sample)
