MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 162bfebce722e1d9d4a4b67762b58c2129d5f76db40d101f2a4ab1438a795bc5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TrickBot


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 162bfebce722e1d9d4a4b67762b58c2129d5f76db40d101f2a4ab1438a795bc5
SHA3-384 hash: e5d57099e6ecde5e2e666f5bf2651f3e9d1882f111d92c49de4d8d52b0c140904e22858f3eaa93eaa7b4edc40bae68f2
SHA1 hash: 9aba2ef9a890f1b2cd2be1257074002224459c6f
MD5 hash: a4dc92b904b2b4b31960bf84614dad78
humanhash: mango-snake-spaghetti-zulu
File name:7.water
Download: download sample
Signature TrickBot
Create hunting rule
File size:443'392 bytes
First seen:2021-03-16 17:01:20 UTC
Last seen:2021-03-17 13:30:47 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 73631ea08f5960294eeacc1cc3c8d03a (1 x TrickBot)
ssdeep 12288:ZBQ+hBancZ5k5F1cPIesC4z77VGLkujjV6Mm:ZBhracZKC4QLkujjo
Threatray 1 similar samples on MalwareBazaar
TLSH F49422555A25C060E4B30BB40EF5E784CC7EEA042B16591BF71EBD08CE36AF0959E3DA
Reporter p5yb34m
Tags:dll rob78 TA505 TrickBot


Avatar
p5yb34m
http://www.linkinc.es/scss/water.php

Intelligence

File Origin
# of uploads :
4
# of downloads :
1'673
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/124341/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware2.1050.26963.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/32fcabf5-54cc-4448-8137-530d8cf4de6d
Result
Threat name:
TrickBot
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/641072
Signature
Allocates memory in foreign processes
Delayed program exit found
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Found potential dummy code loops (likely to delay analysis)
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to detect virtualization through RDTSC time measurements
Uses Windows timers to delay execution
Writes to foreign memory regions
Yara detected Trickbot
Behaviour
Behavior Graph:
Download SVG
Detection:
trickbot
Create hunting rule
Link:
https://mwdb.cert.pl/sample/162bfebce722e1d9d4a4b67762b58c2129d5f76db40d101f2a4ab1438a795bc5/
Threat name:
Win32.Trojan.TrickBot
Create hunting rule
Status:
Malicious
First seen:
2021-03-16 17:02:07 UTC
File Type:
PE (Dll)
AV detection:
12 of 28 (42.86%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
09da6102c6b77c609537c5b3d8bf9de8f4143d533856d174929859feda5806fa
TrickBot
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210316-qk9gzlmwfa/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
162bfebce722e1d9d4a4b67762b58c2129d5f76db40d101f2a4ab1438a795bc5
MD5 hash:
a4dc92b904b2b4b31960bf84614dad78
SHA1 hash:
9aba2ef9a890f1b2cd2be1257074002224459c6f
Link:
https://www.unpac.me/results/764b6985-b8fb-4f28-a4ce-b69a89518fd6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.93
Link:
https://yomi.yoroi.company/submissions/162bfebce722e1d9d4a4b67762b58c2129d5f76db40d101f2a4ab1438a795bc5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

TrickBot

DLL dll 162bfebce722e1d9d4a4b67762b58c2129d5f76db40d101f2a4ab1438a795bc5

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1071420/
Cape
Cape
https://www.capesandbox.com/analysis/124341/
  
URLhaus
https://urlhaus.abuse.ch/url/1072482/

Comments