MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1fe819b31a37fe384469d1464be5f2238e64288d145c4110729eefefaa197155. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	1fe819b31a37fe384469d1464be5f2238e64288d145c4110729eefefaa197155
SHA3-384 hash:	4c3644b3474bcccf439e0827a2ca59daf1ede10b9dcb9c58b00e030ee8f40753cd6f0acaf7ea8337dd8b5b7ae81c2651
SHA1 hash:	46425eb45ee3475d7f932b2eb3b151b39840b684
MD5 hash:	44d2a20969032a26f2688a3d22954477
humanhash:	queen-sierra-green-lithium
File name:	1fe819b31a37fe384469d1464be5f2238e64288d145c4110729eefefaa197155
Download:	download sample
Signature	TrickBot Create hunting rule
File size:	582'144 bytes
First seen:	2020-06-03 15:04:32 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	4c950d8b049a9a7132ffcca14dd7dc3f (1 x TrickBot)
ssdeep	12288:Swznm2fzSa9Opae98finZe1NCXTU7lq/2ZpPwKemKBFhEPe:SMvf2asnZeqEqeZpPwEKBFn
Threatray	3'038 similar samples on MalwareBazaar
TLSH	78C4AD21BBD0E072D26235314E67D3756AAABD615F35878B77C0372E5E302D29D38B0A
Reporter	raashidbhatt
Tags:	TrickBot

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Downloader.Aiis-6803892-0

SecuriteInfo.com.Gen.NN.ZexaF.34100.Jq0@a0lz3kbi.9807.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Trickbot

Status:

Malicious

First seen:

2020-06-01 11:27:00 UTC

AV detection:

27 of 31 (87.10%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=d7ubtmy2g77dqrdj2fdexzpseohgikencroecedst3x67kqzofkq._file

Verdict:

malicious

Label(s):

trickbot

TrickBot

546ba5ce0a83d3dbc31ee21e174438c9e3794834de8d11a47f04f1ce005cd67d

TrickBot

6fc676e30cf28110639d8ceb6dd435aade49eda40096768fe2a3f2b466d6a0b1

TrickBot

764553cbeade2cc41c018b08fb22381a32a6c475b86353458d8fbc1aab86afeb

TrickBot

814c1770aa6e418212eeec6a5170a1aba281370750bb22d040acfec544cb34e3

TrickBot

841fccdc97e1f86bd50c1437517ce63c0969598a2aafd3064fd950b6d9bebd9d

TrickBot

9e91c4019c91b12e04bff20bf3418ddb84e29ff54f275293b1cec9688ba18441

TrickBot

ccdc04adce0627519bf39c6491765a6c61b1ee62e188e4a329aee529623c92b8

TrickBot

d494077303e7a373e64379d2b7bb80695809d3c9c64c993d324775f33d8b798a

TrickBot

df3ed6d4a2ea8d6ae3d1ab87ba9654b438e36d0276e2dfcdbc9dbe689413a3d8

TrickBot

+ 3'028 additional samples on MalwareBazaar

Result

Malware family:

trickbot

Score:

10/10

Tags:

family:trickbot botnet:tot694 banker trojan

Link:

https://tria.ge/reports/201109-m125f6454s/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Loads dropped DLL

Executes dropped EXE

Trickbot

Malware Config

C2 Extraction:

5.182.210.226:443
192.210.226.106:443
51.254.164.244:443
45.148.120.153:443
195.123.239.67:443
194.5.250.150:443
217.12.209.200:443
185.99.2.221:443
51.254.164.245:443
185.62.188.159:443
46.17.107.65:443
185.20.185.76:443
185.203.118.37:443
146.185.253.178:443
185.14.31.252:443
185.99.2.115:443
172.245.156.138:443
51.89.73.158:443
190.214.13.2:449
181.140.173.186:449
181.129.104.139:449
181.113.28.146:449
181.112.157.42:449
170.84.78.224:449
200.21.51.38:449
46.174.235.36:449
36.89.85.103:449
181.129.134.18:449
186.71.150.23:449
131.161.253.190:449
200.127.121.99:449
114.8.133.71:449
119.252.165.75:449
121.100.19.18:449
202.29.215.114:449
180.180.216.177:449
171.100.142.238:449
186.232.91.240:449
181.196.207.202:449

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample