MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0927a3a49404b9de1a120157dc89f931ac98f765a0a452d2c71a7d8daf7a42ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TrickBot


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0927a3a49404b9de1a120157dc89f931ac98f765a0a452d2c71a7d8daf7a42ff
SHA3-384 hash: 0783fcd683dbda2bda6c6af4bb34abdf5665ef8144f4eda474325e3ada7161ca0734076e99e6e06dc95b9e8b366cff7e
SHA1 hash: 9ba9427c943d4c759f02d03aa8ff6f2990630fcf
MD5 hash: c5f8758ba21805d1d10eb5266d6acbf1
humanhash: thirteen-seventeen-carpet-finch
File name:125957464566.87774554435.PDF.exe
Download: download sample
Signature TrickBot
Create hunting rule
File size:905'728 bytes
First seen:2020-04-30 07:34:37 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1d9a7d73ac6a4d940a4cdd05a1a20dc6 (1 x TrickBot)
ssdeep 12288:vFnnEkkZkjxluyTF/GEQv/e5/YM5vRupUF/seb3lfcflVHngv8DUpVj3s4jRinT/:xuyTF/kvU1/FSQ
Threatray 404 similar samples on MalwareBazaar
TLSH 8C159DC3BE940925E4E158776B21E3F20C7E8080191FD7E29A7C587D4ED82E25B25EF9
Reporter jarumlus
Tags:TrickBot

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Ulise-6854100-0
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2019-05-01 18:36:11 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
hawkeyekeylogger
Create hunting rule
emotet
Create hunting rule
trickbot
Create hunting rule
Similar samples:
005149b4a8d817af2e11f4aa505878fcb9e7ea38ce96364734ebdc6109fb544b
TrickBot
05b449bf4042b771a25d8d1b850e942325516196b73aba7a70e99f80b996ab2c
TrickBot
18a40f97d649fd2106faeddba94fc124beff44f69b713dbf4b88614f151b6f25
TrickBot
1c8e7015a2423c7a1ca5e7c5cdbb0b7eaf175e2b5983269281bfe9d1c8ee9985
TrickBot
3b2850cd8a54bfdb4c52c45f541c4d97047a28b19d034bbec609389b19019094
TrickBot
6c5cbab985bdb5d892675422a21b49c7a364961ca01141bb45ab98d3847d5a5d
TrickBot
83aed4ae8d1c8c859858f028fb69c8ded9f06538bbf46b4909ee04c4e7cf838f
TrickBot
c49423c0fce4c71e3bef5bc92441e9510c7f46d54207446df6496128f9780924
TrickBot
c9880b54eff052551b910427ebe39f02e2af781c99336b9f5bbb1a9ba41e0e19
TrickBot
e3e23a1867df6b2aebe2c2147de72833f24eebb7ad203bd5ab404a3e65e75c83
TrickBot
+ 394 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_NXMissing Non-Executable Memory Protectioncritical
Reviews
IDCapabilitiesEvidence
SECURITY_BASE_APIUses Security Base APIADVAPI32.dll::ImpersonateLoggedOnUser
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::LoadLibraryExA
KERNEL32.dll::GetCommandLineA
KERNEL32.dll::GetCommandLineW
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::SetConsoleCtrlHandler
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleMode
KERNEL32.dll::GetConsoleCP
WIN_BASE_IO_APICan Create FilesADVAPI32.dll::ElfOpenBackupEventLogA

Comments