MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1455e78e95b8e3b9df5eb8d8d1703018c927694c6269e01f1b846abdfa054b82. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	1455e78e95b8e3b9df5eb8d8d1703018c927694c6269e01f1b846abdfa054b82
SHA3-384 hash:	c20cea8c8efbc94f8d7b7b90a9c2ab86127eaeecd993bdc6ff61018dd3ad0e22bfd744f9a8b8febb49b99cf68142e918
SHA1 hash:	87d1e2c9981e6be597f67bfd52be31a26ede7a0c
MD5 hash:	98dc893e95559813389d1c3a00076c9d
humanhash:	hotel-item-enemy-low
File name:	98dc893e95559813389d1c3a00076c9d.dll
Download:	download sample
Signature	TrickBot Create hunting rule
File size:	602'112 bytes
First seen:	2021-10-19 15:33:57 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	a41e602f2bd2d3f2d246378f964f4626 (4 x TrickBot)
ssdeep	12288:mpE9ujlV704/VaAvamomBZXfVcChftF0A61dZmwp22lFn42:8E0jlu4NawvNRF0rDp2OFnl
Threatray	4'270 similar samples on MalwareBazaar
TLSH	T191D4D003B2E0C036C2EF1234AD566B9576FDFC605AF5C687AB807B4D2E31AC15A35369
File icon (PE):
dhash icon	71b119dcce576333 (3'570 x Heodo, 203 x TrickBot, 19 x Gh0stRAT)
Reporter	abuse_ch
Tags:	dll TrickBot

Intelligence

File Origin

# of uploads :

# of downloads :

444

Origin country :

n/a

Vendor Threat Intelligence

Detection:

TrickBot

Link:

https://www.capesandbox.com/analysis/198637/

Detection(s):

SecuriteInfo.com.Trojan.Win32.Save.a.15341.23351.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

greyware keylogger packed

Link:

https://www.filescan.io/uploads/616ee5729a5a1e91c5c6ce3c/reports/b514eb2a-a273-4989-9c47-7c4c96939b50/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

TrickBot

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/8b5085f7-659d-452a-ae66-a8ea01e084f5

Detection:

trickbot

Link:

https://mwdb.cert.pl/sample/1455e78e95b8e3b9df5eb8d8d1703018c927694c6269e01f1b846abdfa054b82/

Threat name:

Win32.Spyware.TrickBot

Status:

Malicious

First seen:

2021-10-19 15:34:14 UTC

AV detection:

11 of 26 (42.31%)

Threat level:

2/5

Verdict:

malicious

Label(s):

trickbot

TrickBot

26a6d15bb16939076bf726e4e573b2519f7fa222c35a3b5361d9c208a10b284b

TrickBot

6cdc36e5c8774b62bbeeaa2141af5fd3c9c5ca33e0197e6301f76f23e59e9e22

TrickBot

6db7642e42467842b97947426d78418e58c1e0b25f125ce0faa8bfa6436a70b2

TrickBot

8535cee5617eb72238f813ef3ae9884558c79cfdce04125e1adec30091e7a7b3

TrickBot

968a796e04e6cf1ee9bcfb89923369373056790e9d37afaaeeacbb427f5a891f

TrickBot

9e470e0dec1667c6c05aed506db5d6bfbfc0ee313627531aaffccc3c0a72f8b2

TrickBot

be6f52a5ec95249cc20be5224a6c1e759e06a447c7996b98d063308d3077a2d0

TrickBot

e1b7ffcc831b6b0ef56e665e5f0f8daee789b9426e8dce21e44fbbe9518acbdb

TrickBot

f8cdd0190b5b1bc3a441e8298cdedec9f09bca6ff99ec0b461d7730985ffb78b

TrickBot

+ 4'260 additional samples on MalwareBazaar

Result

Malware family:

trickbot

Score:

10/10

Tags:

family:trickbot botnet:rob136 banker trojan

Link:

https://tria.ge/reports/211019-s1ddqsgbb4/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Looks up external IP address via web service

Trickbot

Malware Config

C2 Extraction:

65.152.201.203:443
185.56.175.122:443
46.99.175.217:443
179.189.229.254:443
46.99.175.149:443
181.129.167.82:443
216.166.148.187:443
46.99.188.223:443
128.201.76.252:443
62.99.79.77:443
60.51.47.65:443
24.162.214.166:443
45.36.99.184:443
97.83.40.67:443
184.74.99.214:443
103.105.254.17:443
62.99.76.213:443
82.159.149.52:443

Unpacked files

SH256 hash:

20ba144cbdba3238cc8228d892e916e6351a0f2be0cdabb7d94251f305273bcc

MD5 hash:

a933bc0f73dff2461239e83c7f1e25c9

SHA1 hash:

f35590e8506d63f21dada76efb4183d706db1dd2

Link:

https://www.unpac.me/results/a3745877-083b-41f1-bba1-d3e78a160fc2/

SH256 hash:

26f76f22131d7c79defb400bc80755ca66cc1a072e3cb6e1613b8d780a171665

MD5 hash:

d09b00e792418eb8c2b5a52d0f2f2ac6

SHA1 hash:

b6706842a5cdbb3d4d49e664fa4caa49afc691ec

Link:

https://www.unpac.me/results/a3745877-083b-41f1-bba1-d3e78a160fc2/

SH256 hash:

fe4113b32c3d774ac5210a04b6e0e339a93770edb97bfd004e1f5448ccba851d

MD5 hash:

4be9f19c34ee551f4c889f1c2f0fd469

SHA1 hash:

992d028dedbec8de291552613eccc39b96dd5d17

Link:

https://www.unpac.me/results/a3745877-083b-41f1-bba1-d3e78a160fc2/

SH256 hash:

b2c4e3e3eacf501232242e9a340dfe29776ae79685e5cb7bdb25dcb168c793c3

MD5 hash:

5003d5e55f514b8f18d0c3b5d2942e2c

SHA1 hash:

5a197cabd54e8fdc40ee1bbce711ed3879d0089f

Detections:

win_trickbot_auto

Link:

https://www.unpac.me/results/a3745877-083b-41f1-bba1-d3e78a160fc2/

Parent samples :

968a796e04e6cf1ee9bcfb89923369373056790e9d37afaaeeacbb427f5a891f
e1b7ffcc831b6b0ef56e665e5f0f8daee789b9426e8dce21e44fbbe9518acbdb
f8cdd0190b5b1bc3a441e8298cdedec9f09bca6ff99ec0b461d7730985ffb78b
1455e78e95b8e3b9df5eb8d8d1703018c927694c6269e01f1b846abdfa054b82
65234c8a08c9a5e2e81af11e4be56eaee3ec00c9063069ab9d97770d6f31ba6b
af7526d30d40da60e83b0423f338f0740886321eadaae86ce16c10af44e44c3e
c0c4cf3a74e70f837e73f44ed95789946b02de457b6155ddc4e14a9441f92048
4f80d51a856dad4037a2de22d17ec77a3f6a8768c9d312f489f859f9cf4f0520

SH256 hash:

1455e78e95b8e3b9df5eb8d8d1703018c927694c6269e01f1b846abdfa054b82

MD5 hash:

98dc893e95559813389d1c3a00076c9d

SHA1 hash:

87d1e2c9981e6be597f67bfd52be31a26ede7a0c

Link:

https://www.unpac.me/results/a3745877-083b-41f1-bba1-d3e78a160fc2/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/1455e78e95b8/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.96

Link:

https://yomi.yoroi.company/submissions/1455e78e95b8e3b9df5eb8d8d1703018c927694c6269e01f1b846abdfa054b82

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/198637/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample

MalwareBazaar Database

Database Entry

Intelligence

File Origin

Vendor Threat Intelligence

Result

Result

Details

Result

Signature

Behaviour

Result

Behaviour

Malware Config

Unpacked files

File information

Comments

Login required