MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1866bd30067075e02711e616ea58ea560cb73fd1eab910a07f7ad3728110c54d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1866bd30067075e02711e616ea58ea560cb73fd1eab910a07f7ad3728110c54d
SHA3-384 hash: 7554203470f8ce4ef2c9dd0e28b756b6346cea08eeba87776e9fdd05568b72467cb323c48ed105928836c752efa421fe
SHA1 hash: 03d7ab7f63d45c5684093777453db3757a25f4c6
MD5 hash: 5be5db117cfd82fd092753970848cefa
humanhash: bacon-six-queen-rugby
File name:SecuriteInfo.com.Trojan.GenericKD.34294574.29861.5345
Download: download sample
File size:553'472 bytes
First seen:2020-08-10 08:55:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8d45050c398215dccb435a5f3813e0c3
ssdeep 12288:b+NLV0b0PkpPlRRZw9Zo86/8uuVG3tUJWlkoqd5E4V/:bd0PkpPbRWHK12JWqq4V/
Threatray 26 similar samples on MalwareBazaar
TLSH 72C4AE47B6A48DB1E877D23ACA93874ADA737C204731D3CB1250971E6E336E15E3A721
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
55
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/42478/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.34294574.29861.5345.UNOFFICIAL
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Transferring files using the Background Intelligent Transfer Service (BITS)
DNS request
Sending a custom TCP request
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/416400
Signature
Contains functionality to inject code into remote processes
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Injects a PE file into a foreign processes
Modifies the context of a thread in another process (thread injection)
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Keylogger Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1866bd30067075e02711e616ea58ea560cb73fd1eab910a07f7ad3728110c54d/
Threat name:
Win64.Trojan.TrickBot
Create hunting rule
Status:
Malicious
First seen:
2020-08-05 01:28:39 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
65bdf218a95af52100c20e6f146a7acf16aa0ed0a34ddc7f4a68c66554b648da
75b24a04b7ddddd036a8e677061e2cd86bc74f147f4b59de463964476db5f003
75da456980b6c16a80a05269d6fee93bc18a242ebe0c7f9f014bad8828b09291
92f61cc6548277705585cc0c28d553093323d802a1d0d2e9fe618ebeaa6752fa
a5602ba2bfa6fcd7b914266f63da512b1c212c75406731aaefa9fcbcd785a57d
a84cf81fa2d7790ea8f5d59354fa47d2067a12c89c2d975ee2f3b9547765be1e
be3d1522f968ad7cc46a996a64b5e5be8044075f6bd1784046e46671bf416b45
d2bb06dc3882c72e26ed7598fee37d128955c229246225ed393d90bd2a4eb1dd
d538dfafbdf6ac115c24dbdd68c65dbef6460808dd2c4f3fc01d5e15bfc2f902
fb55aa4029e826e42520861cc82a8db4a3568f1d2b5fe6f39d7bf870ec0005f9
+ 16 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/200810-lrhfngqds6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trickbot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1866bd30067075e02711e616ea58ea560cb73fd1eab910a07f7ad3728110c54d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_uroburos_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 1866bd30067075e02711e616ea58ea560cb73fd1eab910a07f7ad3728110c54d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/428054/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/42478/

Comments