MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e778dc95bcfde018d54f0ba032949c08c199cf15cbd1b1366a81ed012e80e27. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 7



SHA256 hash: 1e778dc95bcfde018d54f0ba032949c08c199cf15cbd1b1366a81ed012e80e27
SHA3-384 hash: ec6ba8b63307eca765f50064634e26013beb694a8024f19e02fd23e0810c422223ca0ca59386d5e8e63656ef1a391c3b
SHA1 hash: f30d15925204626682213ba4a430c217637beba0
MD5 hash: 5db96940e68acc98259b7c9585f551ac
humanhash: iowa-december-bakerloo-stairway
File name: SecuriteInfo.com.Generic.mg.5db96940e68acc98.5880
Signature: TrickBot
File size: 337'408 bytes
First seen: 2021-02-11 19:57:37 UTC
Last seen: Never
File type: DLL
MIME type: application/x-dosexec
imphash: 89cc9d6792f17d6eec1bfb53516f1f37 (2 x TrickBot)
ssdeep: 6144:2TDNuRkYdTHheWT2GOV9WFtrqlQpIxiZqD2hAQR3QfLScf4OxiSJQ442b2zE:EYR7AM2NV9Wb8YIxiZqD2hjymKIoUE
Threatray: 6 similar samples on MalwareBazaar
TLSH: 9F749E0075B1421CE7AE47B7146DBEC28A3826D8BA9CD71F727D08CD4B1C873B51B9A6
Reporter: SecuriteInfoCom
Tags: TrickBot
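Worked example, added to this entry and not part of MalwareBazaar or of any vendor's tooling: a Python snippet that checks a downloaded copy of the sample against the digests listed above (MD5, SHA1, SHA256 and SHA3-384 are all available from hashlib) and reproduces the humanhash derivation to show why that four-word value is a display aid rather than an identifier to pivot on. The file path taken from the command line is an assumption; the bytes used in the checks are constructed.

```python
import hashlib

# Digests published on this MalwareBazaar entry for the sample.
PUBLISHED = {
    "md5": "5db96940e68acc98259b7c9585f551ac",
    "sha1": "f30d15925204626682213ba4a430c217637beba0",
    "sha256": "1e778dc95bcfde018d54f0ba032949c08c199cf15cbd1b1366a81ed012e80e27",
    "sha3_384": "ec6ba8b63307eca765f50064634e26013beb694a8024f19e02fd23e0810c4222"
                "23ca0ca59386d5e8e63656ef1a391c3b",
}


def compute_digests(data: bytes) -> dict:
    """Return the four digests MalwareBazaar lists, keyed by hashlib name."""
    return {name: hashlib.new(name, data).hexdigest() for name in PUBLISHED}


def verify_sample(data: bytes, published: dict = PUBLISHED) -> list:
    """Return the names of digests that do NOT match the published values.

    An empty list means every published digest matches, i.e. the bytes are
    the sample this entry describes. Check this before any analysis: the
    download is a zip, and a wrong member or a truncated file is easy to miss.
    """
    actual = compute_digests(data)
    return [name for name, want in published.items() if actual[name] != want.lower()]


def humanhash_indices(hexdigest: str, words: int = 4) -> list:
    """Fold a hex digest into `words` bytes the way the humanhash library does.

    The digest is split into equal segments (remainder appended to the last)
    and each segment is XOR-folded to one byte. Each byte then indexes a fixed
    256-word list, so a four-word humanhash keeps only 32 of the 256 bits of
    the SHA256: collisions are cheap and it must not be treated as an IOC.
    """
    raw = bytes.fromhex(hexdigest)
    seg = len(raw) // words
    segments = [raw[i * seg:(i + 1) * seg] for i in range(words)]
    segments[-1] += raw[words * seg:]  # any remainder goes to the last segment
    folded = []
    for s in segments:
        x = 0
        for b in s:
            x ^= b
        folded.append(x)
    return folded


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:  # assumed usage: python check.py <extracted sample>
        with open(sys.argv[1], "rb") as f:
            bad = verify_sample(f.read())
        print("mismatched digests:", bad or "none")
    # For the SHA256 above the fold yields [0x66, 0x30, 0x11, 0xd3], i.e.
    # indices 102, 48, 17, 211 of humanhash's default word list: iowa,
    # december, bakerloo, stairway, the humanhash shown on this entry.
    print(humanhash_indices(PUBLISHED["sha256"]))
```

The humanhash check is deliberately kept separate from the digest check: matching the four words tells you only that the SHA256 folds to the same 32 bits, so always confirm the full SHA256 before trusting that two entries refer to the same file.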

Intelligence


File Origin
# of uploads: 1
# of downloads: 156
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour: Sending a UDP request
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature:
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph (ID 352158; sample SecuriteInfo.com.Generic.mg...; start date 11/02/2021; architecture WINDOWS; score 52), recovered from the rendered graph:
  Signatures: Multi AV Scanner detection for submitted file; Machine Learning detection for sample
  Process tree:
    loaddll32.exe
      cmd.exe
        iexplore.exe -> 192.168.2.1 (unknown, unknown)
          iexplore.exe -> edge.gycpi.b.yahoodns.net 87.248.118.22:443 (YAHOO-DEBDE, United Kingdom; local ports 49750, 49751)
                       -> tls13.taboola.map.fastly.net 151.101.1.44:443 (FASTLYUS, United States; local ports 49752, 49753)
                       -> 10 other IPs or domains
      regsvr32.exe
  None of the destinations in this tree appears in the C2 list extracted further down; they are traffic from the iexplore.exe process started under cmd.exe, not the extracted C2 endpoints.
Threat name: Win32.Spyware.TrickBot
Status: Malicious
First seen: 2021-02-11 14:10:39 UTC
AV detection: 21 of 28 (75.00%)
Threat level: 2/5
Result
Malware family: trickbot
Score: 10/10
Tags: family:trickbot botnet:rob55 banker trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Looks up external IP address via web service
Templ.dll packer
Trickbot
Malware Config
C2 Extraction:
194.5.249.156:443
142.202.191.164:443
193.8.194.96:443
45.155.173.242:443
108.170.20.75:443
185.163.45.138:443
94.140.114.136:443
134.119.186.202:443
200.52.147.93:443
45.230.244.20:443
186.250.157.116:443
186.137.85.76:443
36.94.62.207:443
182.253.107.34:443
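Added example, not MalwareBazaar's code and not any vendor's: turning the extracted C2 list into something a SOC can run. It parses the ip:port lines above, matches them against Zeek conn.log-style records, and emits one Suricata rule per endpoint. The log records are constructed for the example, and the $HOME_NET variable and the SID range starting at 1000001 are assumptions to adapt to your own ruleset. Both IP and port are matched, so a connection to a listed host on a different port is not flagged without further evidence; and because C2 infrastructure of this kind changes over time, the addresses are most useful around the sample's first-seen date.

```python
from typing import List, Set, Tuple

# C2 endpoints exactly as extracted on this MalwareBazaar entry (ip:port).
C2_EXTRACTION = """
194.5.249.156:443
142.202.191.164:443
193.8.194.96:443
45.155.173.242:443
108.170.20.75:443
185.163.45.138:443
94.140.114.136:443
134.119.186.202:443
200.52.147.93:443
45.230.244.20:443
186.250.157.116:443
186.137.85.76:443
36.94.62.207:443
182.253.107.34:443
"""

# Constructed Zeek conn.log-style records (not real telemetry), tab-separated:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto.
# Line 1 reuses the Yahoo CDN address from the behavior graph, line 3 hits a
# listed host on an unlisted port; neither should match.
SAMPLE_CONN_LOG = (
    "1613073467.101\tCabc1\t10.0.0.12\t49750\t87.248.118.22\t443\ttcp\n"
    "1613073468.204\tCabc2\t10.0.0.12\t49811\t194.5.249.156\t443\ttcp\n"
    "1613073469.330\tCabc3\t10.0.0.12\t49812\t194.5.249.156\t8082\ttcp\n"
    "1613073470.450\tCabc4\t10.0.0.12\t49813\t36.94.62.207\t443\ttcp\n"
    "1613073471.512\tCabc5\t10.0.0.12\t49814\t1.1.1.1\t53\tudp\n"
)


def parse_c2_list(text: str) -> Set[Tuple[str, int]]:
    """Parse 'ip:port' lines into a set of (ip, port) tuples, skipping blanks."""
    endpoints = set()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ip, _, port = line.rpartition(":")
        endpoints.add((ip, int(port)))
    return endpoints


def match_conn_log(log_text: str, c2: Set[Tuple[str, int]]) -> List[Tuple[str, str, str, int]]:
    """Return (ts, uid, dst, dport) for each connection whose responder
    ip:port is an extracted C2 endpoint. Matching on the port as well keeps
    the rule tied to what was actually observed in the sample's config."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        ts, uid, _src, _sport, dst, dport, _proto = fields[:7]
        if (dst, int(dport)) in c2:
            hits.append((ts, uid, dst, int(dport)))
    return hits


def suricata_rules(c2: Set[Tuple[str, int]], base_sid: int = 1000001) -> List[str]:
    """Emit one Suricata rule per C2 endpoint, SIDs allocated sequentially
    from base_sid (an assumed local range; pick one your ruleset reserves)."""
    rules = []
    for n, (ip, port) in enumerate(sorted(c2)):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"TrickBot C2 {ip}:{port} (MalwareBazaar 1e778dc9...)"; '
            f'flow:to_server; classtype:trojan-activity; '
            f'sid:{base_sid + n}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    c2 = parse_c2_list(C2_EXTRACTION)
    for hit in match_conn_log(SAMPLE_CONN_LOG, c2):
        print("C2 contact:", hit)
    print("\n".join(suricata_rules(c2)))
```

The same parse-and-match logic works for proxy or firewall exports once the field positions are adjusted; the important property to keep is that the C2 set is compared on the (ip, port) pair, so the rule set stays as narrow as the extracted config.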
Unpacked files

SHA256 hash: ef3c35cc6d91d17135bb32feb15fc3e2706a0a1a2759f8ddcfe5cc5de8264603
MD5 hash: 7c17c7013de8c8b30a663ef4364b5b19
SHA1 hash: a2e3bc7660f6f83a5a4bf0a4a577ccd7695f28e0
Detections: win_trickbot_a4 win_trickbot_auto

SHA256 hash: c2096668eb6121171aeaa03a07e309d9d31e03aad66187a6d9456948cced9c8b
MD5 hash: 87546b97c90cb1357a8f64585e9e329a
SHA1 hash: 397867bdc3033efb50953566e07240c5e3ef215f

SHA256 hash: 1e778dc95bcfde018d54f0ba032949c08c199cf15cbd1b1366a81ed012e80e27 (the submitted sample itself)
MD5 hash: 5db96940e68acc98259b7c9585f551ac
SHA1 hash: f30d15925204626682213ba4a430c217637beba0
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (Distributed via web download)
Signature: TrickBot
File type: DLL
SHA256 hash: 1e778dc95bcfde018d54f0ba032949c08c199cf15cbd1b1366a81ed012e80e27 (this sample)

Comments