MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 346c4bdd618a7bda16c4298591f7d9d5d2de69b031c98a9720ce03e482129eea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
TrickBot
Vendor detections: 9
| SHA256 hash: | 346c4bdd618a7bda16c4298591f7d9d5d2de69b031c98a9720ce03e482129eea |
|---|---|
| SHA3-384 hash: | 9b57ac21981d199e7d014f9152932b10eaefb47bce1f571af0f4705c0395dc2c25c93f4e795e4816397f3137d9905811 |
| SHA1 hash: | f6ec106a8bb36560a80f666579bb7da888620b8b |
| MD5 hash: | 8c1f7b0fa5562fa8d6a00670bde44a3b |
| humanhash: | mars-berlin-december-victor |
| File name: | 346c4bdd618a7bda16c4298591f7d9d5d2de69b031c98a9720ce03e482129eea |
| Signature | TrickBot |
| File size: | 569'392 bytes |
| First seen: | 2020-11-12 13:54:36 UTC |
| Last seen: | 2024-07-24 12:56:24 UTC |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 2125b5f60a60a392f99267b5695ea082 (13 x TrickBot) |
| ssdeep | 6144:QCPdiOzsdiOPCaguZWZwv7diOuNCc5vIJCty1pHsqWCU9TTNYWmk:QE9Y92uZWZ09VPD11hDUJZb |
| Threatray | 6'592 similar samples on MalwareBazaar |
| TLSH | 15C49D16B290D4B6D6CA053ADDA2CEF84168EC5ACC10E79BF395FF6F34BA1428D71109 |
| Reporter | |
| Tags: | TrickBot |
Intelligence
File Origin
# of uploads :
2
# of downloads :
155
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:
Behaviour
Creating a window
Launching a process
Sending a custom TCP request
Connection attempt
Unauthorized injection to a system process
Connection attempt to an infection source
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name:
Win32.Trojan.TrickBot
Status:
Malicious
First seen:
2020-11-12 13:55:23 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
5/5
Detection(s):
Suspicious file
Verdict:
malicious
Label(s):
trickbot
Similar samples:
+ 6'582 additional samples on MalwareBazaar
Result
Malware family:
trickbot
Score:
10/10
Tags:
family:trickbot botnet:lib800 banker trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Trickbot
Malware Config
C2 Extraction:
Unpacked files
Detections:
win_trickbot_a4
win_trickbot_g6
win_trickbot_auto
Parent samples :
note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trickbot
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method
Other