MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3346b8335a4cf275625e542dff2f3e2b9a9f7748cec2ceb80cfb0ab7789fc0d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TrickBot


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3346b8335a4cf275625e542dff2f3e2b9a9f7748cec2ceb80cfb0ab7789fc0d0
SHA3-384 hash: a22bdc668739159fc308f70ca29f8b907679a7d37939507ce90fbddd9ec02d4dc73d05bc928e77a0f0aad69accf46954
SHA1 hash: 8b56d485fb373a3a377e54ce245cd6ca1b6544fa
MD5 hash: fe4e05ddc5245e5b2ef7dcd2416f5a2d
humanhash: kansas-magnesium-equal-rugby
File name:74andht1.exe
Download: download sample
Signature TrickBot
Create hunting rule
File size:291'136 bytes
First seen:2020-06-16 07:41:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c2c9f7d0a595284257bdbaef54d2493e (2 x TrickBot)
ssdeep 6144:T2doJfrP4UfkwxCaE0EU5ZRIEIt8Fg+j3DIBtFvf4OKSBw+ca4L0:ZXswf/EU7uaj3DItxgJSK+da0
Threatray 5'408 similar samples on MalwareBazaar
TLSH 8C54022374E3C973F6A904B57CD65BBB9B37BA100F52CD8397A4B21A8D306618933346
Reporter JAMESWT_WT
Tags:TrickBot

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/10645/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.43347484.8556.17062.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.TrickBot
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 07:43:03 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gndlqm22jtzhkys6kqw76lz6fonj652iz3bm5oam7mflo6e7ydia._file
Verdict:
malicious
Label(s):
trickbot
Create hunting rule
Similar samples:
05419cb584d67a251d98a302aebeda680806e178d9aecb9265bc1e48dc8897bf
TrickBot
10a0cdd0253d5747a6d4c5f409247c893a2d67a6e7624008dbc42fca3b3fc789
TrickBot
254276c73f2d96f4aab8a96a326b222a05c4e72568e18455469915fb992ec184
TrickBot
4a8e724787fe19de01666f5ec11febceb8dffbd79da8a7645af6315587048936
TrickBot
5929445eb9941a91426eb0cc13cf918649608a1e2772d283cdc83665d82d400a
TrickBot
59c462b186c2d8258a8cc2645f1b24ac91a53e7f49ad91b4e6f7a904736ed1cf
TrickBot
667bed787281da1a9260a1ebceed504815a645c6a37aaa08810f427c89132cdc
TrickBot
912790d045d0e672bfb1069b453c50e22f1ab7b5d728c364ac3c5cdd05e85c4e
TrickBot
b6edc51053088f5d94cec4f62253cb8676f1b5b450a2c0da9562639eb73f45cd
TrickBot
e6d0cd4425a0d27fa8b175b4545a77a5b543dbe21d0ff28a948f75b0519fafa0
TrickBot
+ 5'398 additional samples on MalwareBazaar
Result
Malware family:
trickbot
Create hunting rule
Score:
  10/10
Tags:
trojan banker family:trickbot
Link:
https://tria.ge/reports/200624-x6tnq1w2ts/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Trickbot
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/10645/

Comments