MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34873d81dc7a0468d941294a1c62f9bb9e110d0f333f55de2da41ac6ead400d7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	34873d81dc7a0468d941294a1c62f9bb9e110d0f333f55de2da41ac6ead400d7
SHA3-384 hash:	f217eb1e8f7134420273d9d4e00e69ade79c8b6af33af4bce47f79cd70f1a59b39b49836edcaf3defe0d0ee9e1f6a365
SHA1 hash:	97e5ee4d0a1bb3e4f928792461a21d44e6c602c1
MD5 hash:	315c1d9bb9b4526f8c856a7e29dd4bc0
humanhash:	sierra-sink-artist-romeo
File name:	getuname7ce.exe
Download:	download sample
Signature	TrickBot Create hunting rule
File size:	831'488 bytes
First seen:	2020-10-23 19:39:38 UTC
Last seen:	2020-10-23 20:45:53 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	b127d87fc787c30c0ced6f90a34388f6 (1 x TrickBot)
ssdeep	12288:3Wa+/rWQy3lzwWWib6P6/s5X9ud8TiIIJnhO4tDIrtHWGRCw5TZe/SFg:CP62w9pp1eCgTg
Threatray	2'345 similar samples on MalwareBazaar
TLSH	AB057C3369A87055D19358700CB6E67E2929BCAB1D52CC8FB184FA060D7275A787F32F
Reporter	malware_traffic
Tags:	TrickBot

Intelligence

File Origin

# of uploads :

2

# of downloads :

199

Origin country :

n/a

Vendor Threat Intelligence

Detection:

TrickBot

Link:

https://www.capesandbox.com/analysis/75138/

Detection(s):

SecuriteInfo.com.Generic.mg.315c1d9bb9b4526f.28682.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Result

Threat name:

Trickbot

Detection:

malicious

Classification:

bank.troj.evad

Score:

92 / 100

Link:

https://www.joesandbox.com/analysis/508450

Signature

Allocates memory in foreign processes

Detected Trickbot e-Banking trojan config

Found evasive API chain (trying to detect sleep duration tampering with parallel thread)

Found malware configuration

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Tries to detect virtualization through RDTSC time measurements

Writes to foreign memory regions

Yara detected Trickbot

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/34873d81dc7a0468d941294a1c62f9bb9e110d0f333f55de2da41ac6ead400d7/

Threat name:

Win32.Trojan.Tiggre

Status:

Malicious

First seen:

2020-10-22 10:11:10 UTC

File Type:

PE (Exe)

Extracted files:

12

AV detection:

31 of 48 (64.58%)

Threat level:

5/5

Verdict:

suspicious

Similar samples:

05b662e6e0ee03a3e2b87b14fcda6e28f8e048b62f5baeb698068b85d83b1181

06e399b781a4c5a13d67764d76189854beb3699409a5c5809eede651ba0f7435

09489e108c5b049847f98b97af75418db20af15d9cd727b240b922954b626845

5ec3fca3f0fa3232c85ace8ea62056223149452b70bee259706984e2c96e1998

7eb79859f61d8c17c2311867019dca95098df7f55c0ef00580f1cf7fa904a99f

84f007e1e974a8305c3406d47d3430812f1805974f582cf2230bdf03f2c33269

8b2a8e5204ffb2fcf0b469a256a1d3b72618a66ad03ddd256210622bac56bae7

e8b03d2e2f16d44d8ce2272bb7f19c80c3006215b00624c79c204c70f54d1d83

ea5c72bce7e028a6b2f9febd90751bf0e323da00b4b0d68be2a52ed21fe2a4d0

faaa0098ad3de31c95506576653962bf783bdf347b6d22255d707561e30c5350

+ 2'335 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://tria.ge/reports/201023-zktzfv4cpa/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Looks up external IP address via web service

Unpacked files

SH256 hash:

34873d81dc7a0468d941294a1c62f9bb9e110d0f333f55de2da41ac6ead400d7

MD5 hash:

315c1d9bb9b4526f8c856a7e29dd4bc0

SHA1 hash:

97e5ee4d0a1bb3e4f928792461a21d44e6c602c1

Link:

https://www.unpac.me/results/bf72e9af-3db5-422b-97d2-4d3498d03c36/

SH256 hash:

18eb933b884a7be78ee18e7c3c1d08478e24664a9761d3e03087b4bd15470ec0

MD5 hash:

5d8b3874aa117e0b9621913a14828c0b

SHA1 hash:

d64ae21d8e4169238649315e96808806cf76dded

Link:

https://www.unpac.me/results/bf72e9af-3db5-422b-97d2-4d3498d03c36/

SH256 hash:

42580302580513276049c6b3ee5ed00065845eaf5421075658d1b04a906a7e64

MD5 hash:

c1238b1a7fb40a47417af6e7d9c91261

SHA1 hash:

0aea1163d5cad796aedd5e13448720b242209f57

Detections:

win_trickbot_a4

win_trickbot_auto

Link:

https://www.unpac.me/results/bf72e9af-3db5-422b-97d2-4d3498d03c36/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Trickbot

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/34873d81dc7a0468d941294a1c62f9bb9e110d0f333f55de2da41ac6ead400d7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/75138/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample