MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 0994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550
SHA1 hash: 0bf2310b629c69bde49cd16ae01144faa277dd58
MD5 hash: a43b91322c46a81a715262217fc7b848
File name: da1_2020-05-07_20-27.exe
Signature: TrickBot
File size: 420'352 bytes
First seen: 2020-05-22 19:57:07 UTC
Last seen: 2020-05-22 20:43:48 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: ad69f8f4b5008fa7408577b5f168b6e5
ssdeep: 6144:OJKjDQFSigDdVj4KRVhWWB0X/ww1H/9bTo6RGgBdezdwK8L7wHK3:OEnDdVjNVrBgH/STgBdWdhIwHK
TLSH: E194C001B3E1D472E36356388925DBA0063ABC515E27A1CB27BC5EBF1EB12E1D632356
Reporter: @malware_traffic
Tags: exe, gtag:da1, TrickBot

Intelligence


Mail intelligence: No data
# of uploads: 2
# of downloads: 29
Origin country: CZ
ClamAV: PUA.Win.Downloader.Aiis-6803892-0
VirusTotal: 80.28%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments
Joul Kouchakji commented on 2020-05-23 15:13:34 UTC

DLLs:
--------
662e31717dca448247bb9ebf1b1a5102bef7a140bf157405c4a7ab03a89ec5bc mshareDll32.dll
8344a88eb50c371402d621b1f8f70a70cdbc5f99bb6ecf1ee0a751fbc114e9e0 networkDll32.dll
0547da30af3af6b057beb290bcf1591521155f2c3892be52bfcebaeea3a9f85e nwormDll32.dll
1dc15b9c2e6ed47ee5d1791c3b746d417d594b58d650efe4dcee7054da724320 pwgrab32.dll
17c8c74af8f1c0fa64e27d57d58b5acab6869fcd9c5b2e71b5b17b0520a1b8d2 tabDll32.dll

Joul Kouchakji commented on 2020-05-23 15:10:57 UTC

Modules:
------------
f2011693e0a39b72ad1d6085c9025c60c4ab95634ddc7434555e432d6dd6da49 mshareDll32
1851e0c07bf9ebe7cfbced207ff6ffcba76f4f6d36e9035ca3eca3045b002182 networkDll32
cd2aa537c8a62a53d4da05b4aadbde1729dbcdde774241aaed7bc7e518164f87 nwormDll32
57002384c9290d692279a311220bc39f94ea29f5483e3c14b2a9411d697d561d pwgrab32
cdfe14f669ec373f83766226619d70a19acabc1ae1eabf6074b0b264966c75b4 tabDll32

Joul Kouchakji commented on 2020-05-23 15:07:06 UTC
