MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 17734caa69d900f972df17d7fbe08f1dcfc80e67687d9b3be98ce22e6d22c2ca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	17734caa69d900f972df17d7fbe08f1dcfc80e67687d9b3be98ce22e6d22c2ca
SHA3-384 hash:	153d2d8849de1f7f30a99cbf426e6d70a3901022b50caa2a7ca62513523220126a62c6332243b89479df260531a103fd
SHA1 hash:	d5de16ec9e8fbd3490b71ae9b9e2c4dd2649ecaa
MD5 hash:	cabc850dd4d3ea237b28410526085b10
humanhash:	snake-two-tennessee-video
File name:	virussign.com_cabc850dd4d3ea237b28410526085b10
Download:	download sample
Signature	TrickBot Create hunting rule
File size:	698'812 bytes
First seen:	2022-07-13 14:27:50 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	58471b8a9f8702d1a9e4838d7b7d501a (9 x TrickBot, 5 x Mansabo)
ssdeep	12288:zJB0lh7r6bIj22CAoyerJVbtqeql2THGseB/A96gFG7F245glIo8HuLWUV/IFIT:zQ7W81HeqwTHVepA9uprikOL7wS
TLSH	T17BE4AF2DEB147969F15309B576102A9B3C918D384293DF46EB4689CDB801EE3F2F532B
TrID	40.3% (.EXE) Win64 Executable (generic) (10523/12/4) 19.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 17.2% (.EXE) Win32 Executable (generic) (4505/5/1) 7.7% (.EXE) OS/2 Executable (generic) (2029/13) 7.6% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter	KdssSupport
Tags:	exe TrickBot

KdssSupport

Uploaded with API

Intelligence

File Origin

# of uploads :

# of downloads :

360

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

virussign.com_cabc850dd4d3ea237b28410526085b10

Verdict:

No threats detected

Analysis date:

2022-07-14 03:16:25 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/7c1ee2a0-3a4a-4f10-8f37-8555d8c51f97

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/287395/

Detection(s):

Win.Malware.Mansabo-7102049-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a window

Sending a custom TCP request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

overlay

Link:

https://www.filescan.io/uploads/62ced73ad6d93426ceea271f/reports/9407dd7e-2258-4d6c-947d-3615df8c16e3/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Malicious Packer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/fceb2ec5-b6e0-49b9-9e39-fe617e82acca

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1030794

Signature

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/17734caa69d900f972df17d7fbe08f1dcfc80e67687d9b3be98ce22e6d22c2ca/

Threat name:

Win32.Spyware.TrickBot

Status:

Malicious

First seen:

2022-07-06 02:29:00 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

25 of 26 (96.15%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=c5zuzktj3eaps4w7c7l7xyepdxh4qdthnb6zwo7jrtrc43jcylfa._file

Verdict:

malicious

Label(s):

trickbot

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/220713-rs2kxsadb2/

Behaviour

Suspicious use of SetWindowsHookEx

Unpacked files

SH256 hash:

17734caa69d900f972df17d7fbe08f1dcfc80e67687d9b3be98ce22e6d22c2ca

MD5 hash:

cabc850dd4d3ea237b28410526085b10

SHA1 hash:

d5de16ec9e8fbd3490b71ae9b9e2c4dd2649ecaa

Link:

https://www.unpac.me/results/104e575e-8195-400f-88bc-59bf6b25d2e4/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.16

Link:

https://yomi.yoroi.company/submissions/17734caa69d900f972df17d7fbe08f1dcfc80e67687d9b3be98ce22e6d22c2ca

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

TrickBot

exe 17734caa69d900f972df17d7fbe08f1dcfc80e67687d9b3be98ce22e6d22c2ca

(this sample)

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/287395/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample