MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f84b8a85106e702ca8a3b71db94b1dc8dda5173e9e7b1f672b28c07d37f57ed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 9

SHA256 hash: 2f84b8a85106e702ca8a3b71db94b1dc8dda5173e9e7b1f672b28c07d37f57ed
SHA3-384 hash: f6412042282ff0ef43364d98763b09f545af9a9fbdfc0de7fe606d48bf1765d9c8d3c67545ccad8f34761e563b525d7d
SHA1 hash: cb7f251f980d3433876038141dfdab4756ab5c76
MD5 hash: c17c153f148b11a904690af5e747aa90
humanhash: arkansas-cola-eighteen-high
File name: 2f84b8a85106e702ca8a3b71db94b1dc8dda5173e9e7b1f672b28c07d37f57ed
Signature: TrickBot
File size: 675'840 bytes
First seen: 2020-11-12 13:54:12 UTC
Last seen: 2024-07-24 12:45:19 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: ba56e34e8a22ac91a660555598e60e39 (5 x TrickBot)
ssdeep: 12288:8JhDSHN5V7kr351Rnsp3ORBUU8vg0whwRKCV50robF7z:8zSHn+jbRspIBUUP01RKC8EbF/
Threatray: 2'269 similar samples on MalwareBazaar
TLSH: 41E4CF123AE2C076C29655324ED6CFB9B2F5E9508B7266C7B7C40F5D7E34AC0963630A
Reporter: seifreed
Tags: TrickBot

Intelligence

File Origin
# of uploads: 2
# of downloads: 157
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Searching for the window
Creating a window
Creating a file in the %temp% directory
Delayed writing of the file
Deleting a recently created file
Launching a process
Connection attempt
Unauthorized injection to a system process
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.TrickBot
Status: Malicious
First seen: 2020-11-12 13:55:08 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Result
Malware family: trickbot
Score: 10/10
Tags: family:trickbot botnet:tar2 banker trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Trickbot
Contacts Bazar domain
Malware Config
C2 Extraction:
Unpacked files
Detections: win_trickbot_a4 win_trickbot_g6 win_trickbot_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other