MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c8a67342a601e649f56e32383fecea6d62036a38a7edd2991bfd0e3323fd5f4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	1c8a67342a601e649f56e32383fecea6d62036a38a7edd2991bfd0e3323fd5f4
SHA3-384 hash:	3ec436d40676a3ba77f699d8bef716e02523724adebe66cf34e2e609f9cdff8da7d2365c2b150869f2446d16d822e448
SHA1 hash:	27f367c0914f2a0ae9750acf20e72561cf16f72b
MD5 hash:	0ad4b8df130fcd3317a06a11fe7cef3d
humanhash:	william-burger-india-delaware
File name:	lovemetertok.png
Download:	download sample
Signature	TrickBot Create hunting rule
File size:	610'304 bytes
First seen:	2021-07-21 13:34:44 UTC
Last seen:	2021-07-21 13:34:58 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	aa766223dad1548ddba0e06749dd8601 (3 x TrickBot)
ssdeep	12288:t7NI5iGRtGvUw0mKBMwd8gzyYhJ/W2s2dFS8J:7YRtGvUmq382yYf/WelJ
Threatray	850 similar samples on MalwareBazaar
TLSH	T163D4C012B590D036D29F01383E515B79B2EFA9A01BF1D463E7F0DB5C8D329825E3B25A
dhash icon	71b119dcce576333 (3'570 x Heodo, 203 x TrickBot, 19 x Gh0stRAT)
Reporter	malwarelabnet
Tags:	dll rob109 TrickBot

Intelligence

File Origin

# of uploads :

# of downloads :

169

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/172996/

Detection(s):

SecuriteInfo.com.Trickbot-FTKT11A2BBC677B1.8693.3401.UNOFFICIAL

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

TrickBot

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/b38f9556-d79a-48e1-b00f-ccc0df2c9efc

Detection:

trickbot

Link:

https://mwdb.cert.pl/sample/1c8a67342a601e649f56e32383fecea6d62036a38a7edd2991bfd0e3323fd5f4/

Threat name:

Win32.Trojan.TrickBot

Status:

Malicious

First seen:

2021-07-20 18:41:12 UTC

AV detection:

9 of 28 (32.14%)

Threat level:

5/5

Verdict:

malicious

Label(s):

trickbot

Result

Malware family:

trickbot

Score:

10/10

Tags:

family:trickbot botnet:rob109 banker trojan

Link:

https://tria.ge/reports/210721-pb934wmg9j/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Looks up external IP address via web service

Trickbot

Malware Config

C2 Extraction:

38.110.103.124:443
185.56.76.28:443
204.138.26.60:443
60.51.47.65:443
74.85.157.139:443
68.69.26.182:443
38.110.103.136:443
38.110.103.18:443
138.34.28.219:443
185.56.76.94:443
217.115.240.248:443
24.162.214.166:443
80.15.2.105:443
154.58.23.192:443
38.110.100.104:443
45.36.99.184:443
185.56.76.108:443
185.56.76.72:443
138.34.28.35:443
97.83.40.67:443
38.110.103.113:443
38.110.100.142:443
184.74.99.214:443
103.105.254.17:443
62.99.76.213:443
82.159.149.52:443
38.110.100.33:443
38.110.100.242:443
185.13.79.3:443

Unpacked files

SH256 hash:

8ec4c1b7bd6dc445b04d8d93740bcc72ee3ea94316e321c9fc7b5d77bfd314d5

MD5 hash:

9b49ff370e20a1581da344390b5a1d94

SHA1 hash:

085dd34e7281f8669a1e94001167cecd6c2be741

Link:

https://www.unpac.me/results/9dd95fde-ec54-4b9b-99f5-1615a14edb31/

SH256 hash:

7429e3e9681fdfebc8210a744a9e41c7ad849f7af0c611ee4c272a67cbd44251

MD5 hash:

8c1a2825ab2da0ef39175720516294ca

SHA1 hash:

bdba87361cabe6814d5be5c0bb60b68f29b6e98a

Link:

https://www.unpac.me/results/9dd95fde-ec54-4b9b-99f5-1615a14edb31/

SH256 hash:

938812d5f46ffe93c903743719992f2b63a8bfdd619adbb85a88137e9ed28330

MD5 hash:

59509d380c2b8dc8babc705bd262e749

SHA1 hash:

e65a7e2026e1af085ff3e80f9486ef3bc5cc1f00

Detections:

win_trickbot_auto

Link:

https://www.unpac.me/results/9dd95fde-ec54-4b9b-99f5-1615a14edb31/

Parent samples :

dafc058d57b736297e2e8c5126a3a4310e007c32cdaecdbe5af8e8eca05f33ed
d4d87a208df0ba460ccc94d8b7c62e223e4f0a18fa2b799f13ab5ee70f3c2e6c
7bc0a27df5b8420ca23081fb973bb68729bab7b6229513c81019f7be76deb8e1
1c8a67342a601e649f56e32383fecea6d62036a38a7edd2991bfd0e3323fd5f4
d06c5ec5cefe2c6b80bf532cae9c270f2e25f0f2c5e6b05cffa36fe8a17dac3c
fda93931bb0b67a61cae3acdae38a66fba556813a194239c0391819b3dbfed26
fe91dea9457e5d92d63cb97758a278939ef33b0529bce694dba57d2db5caedee
faba77692acd1b52614d6379b4f197af178119baef932ee3157098e3bbcceef7
cd7f39f9f95a1161878980631e4069057e715e84bf3ecf940bfca97ce5a96e20
a3b6b719ce886b1b47b5e1d94d5d017c6bd58d3732ee3d43e0557b6395a87401
e07cef58aa29455209f32ef23249c9dbfc14dcb79b129dcef040f84aec0253fb
9da8a5a0b5957db6112e927b607a8fd062b870f2132c4ae3442eb63235f789e1
b161eb34e5513131f4b0a4c0318646ed3448122445d7924e03ff5822a6e2d2dd
7c19373d58728b0e1b36cf30af5dca5eb5975acaaf2b8b0eeac0f87a4f82ce06
ab31cadce548ff34783ae6a838a3ece8484f4c96b02de8c9b314c0f96c064ab7

SH256 hash:

bec62cec0c4d9909a96a68c7684b88c9d9e3f6c4b0f1ba1bc0a1448425a033f2

MD5 hash:

0015cedc4994e5dc5ecb22e6394785d7

SHA1 hash:

ebf1951df34f838a4f88f31e850945516dfca227

Link:

https://www.unpac.me/results/9dd95fde-ec54-4b9b-99f5-1615a14edb31/

SH256 hash:

1c8a67342a601e649f56e32383fecea6d62036a38a7edd2991bfd0e3323fd5f4

MD5 hash:

0ad4b8df130fcd3317a06a11fe7cef3d

SHA1 hash:

27f367c0914f2a0ae9750acf20e72561cf16f72b

Link:

https://www.unpac.me/results/9dd95fde-ec54-4b9b-99f5-1615a14edb31/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/1c8a67342a601e649f56e32383fecea6d62036a38a7edd2991bfd0e3323fd5f4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/172996/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample

MalwareBazaar Database

Database Entry

Intelligence

File Origin

Vendor Threat Intelligence

Result

Details

Result

Signature

Behaviour

Result

Behaviour

Malware Config

Unpacked files

File information

Comments

Login required