MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e5d88bc0b089338cd5608b1b0766efeae2f0f8cac9c573793a99b627441ff85. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TrickBot


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2e5d88bc0b089338cd5608b1b0766efeae2f0f8cac9c573793a99b627441ff85
SHA3-384 hash: 1aed2cd2a9dcb4f0d883e56d912771d55662c64250ba5d4aea4125e9f4023428285508b5b8dfece288463bc2095d3264
SHA1 hash: 1995e3fc4c29152b35c2bf0c040f7d8ea6e06393
MD5 hash: 0f0e362c57405f267db43457d41be1be
humanhash: violet-lactose-gee-mirror
File name:0f0e362c57405f267db43457d41be1be.exe
Download: download sample
Signature TrickBot
Create hunting rule
File size:438'514 bytes
First seen:2020-05-01 11:00:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d335e687ad5304dd60f36972a0a911fb (2 x TrickBot)
ssdeep 6144:hD+/X6p2VLN/2TFxV2C8nPGuX2LIh82D:hi/XE2Vl2x4BOuoIa
Threatray 4'787 similar samples on MalwareBazaar
TLSH A6948D490817D8C3F1293572EBFA22FE1408CE1DCFD29BCB250DB56925B91D6E842F59
Reporter abuse_ch
Tags:exe TrickBot

Intelligence

File Origin
# of uploads :
1
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.gh.12876.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Trickbot
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 18:32:14 UTC
File Type:
PE (Exe)
AV detection:
28 of 31 (90.32%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fzoyrpalbcjtrtkwbcy3a5to72xc6d4mvsofon4tvgnwe5cb76cq._file
Verdict:
malicious
Label(s):
trickbot
Create hunting rule
Similar samples:
3008d3a85d42533167443e236755a01ae25d008728dbcd9630d99a42db30fbae
TrickBot
3655fd141632949c32d6f76901bd5a70e6c93576f086d1eb001924c9f22429b6
TrickBot
3ab5b0ccf5b8a334be2056a5b257ca676f3afe333965a8a70b3b562b51e50f03
TrickBot
52223ec90dbd12dfaef3d91adfda51bf16ebcefcf3fef248d00e5cc42d55356a
TrickBot
5f56a8ec752d443e483755830c85c7e1f3ef2a88d74f092c1079ae2d108d25ec
TrickBot
62393dd1e58dc000821490355bfd01c42d509806ab519261c184d24438e491ee
TrickBot
6252fd00cbd6175142cdfa3fd5f51a24ffe75433621f0b74df4d1488c2f42c29
TrickBot
6ffce7d83ccc778442be55d46cbcf967c6d606801409a62bdb00e54776f374b1
TrickBot
cd093b974b530d7ef2704d62a63761a34ea0a20f6a1398e00d73b805547f2ba5
TrickBot
f68b30807bc53ed4943d900c8f9ea82269078cde72702826747f948a8eb7957c
TrickBot
+ 4'777 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaSetSystemError
MSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd
WIN_BASE_IO_APICan Create Fileskernel32.dll::CreateDirectoryW
Shlwapi.dll::PathRemoveFileSpecW

Comments