MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ab5b0ccf5b8a334be2056a5b257ca676f3afe333965a8a70b3b562b51e50f03. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TrickBot


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3ab5b0ccf5b8a334be2056a5b257ca676f3afe333965a8a70b3b562b51e50f03
SHA3-384 hash: 40f38b054d06014e59b284553830c0579db08bd477f218785d02e0d960c6e3fdb827978f97939c1bd886c65a74276239
SHA1 hash: 0973bba3d7ad61a8aed32cb221da9fecc9b1cccb
MD5 hash: 5e86deb33446bee2598f3d623fb3e5e4
humanhash: cold-charlie-snake-william
File name:5e86deb33446bee2598f3d623fb3e5e4.exe
Download: download sample
Signature TrickBot
Create hunting rule
File size:438'738 bytes
First seen:2020-05-01 11:00:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d335e687ad5304dd60f36972a0a911fb (2 x TrickBot)
ssdeep 6144:hD+/X6p2VLN/2TFxV2C8nPGuX2LIh82DZ:hi/XE2Vl2x4BOuoIam
Threatray 2'888 similar samples on MalwareBazaar
TLSH 16948D490817D8C3F1293572EBFA22FE1408CE1ECFD29BCB250DB56925B91D6E842F59
Reporter abuse_ch
Tags:exe TrickBot

Intelligence

File Origin
# of uploads :
1
# of downloads :
614
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.gh.12876.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Trickbot
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 06:31:00 UTC
File Type:
PE (Exe)
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hk23bthvxcrtjprak2s3ev6km5xtv7rthfs2rjylhnlcwupfb4bq._file
Verdict:
malicious
Label(s):
trickbot
Create hunting rule
Similar samples:
26bdfa534ef10a0d74b5594bf044772e78e7a26acdbf2cb0dd54f7d949667511
TrickBot
2e5d88bc0b089338cd5608b1b0766efeae2f0f8cac9c573793a99b627441ff85
TrickBot
3655fd141632949c32d6f76901bd5a70e6c93576f086d1eb001924c9f22429b6
TrickBot
5f56a8ec752d443e483755830c85c7e1f3ef2a88d74f092c1079ae2d108d25ec
TrickBot
6252fd00cbd6175142cdfa3fd5f51a24ffe75433621f0b74df4d1488c2f42c29
TrickBot
65a1d633e57ac92119fce8862d0fe39b8b08470c4318f4edabbe3ada968a802d
TrickBot
6ffce7d83ccc778442be55d46cbcf967c6d606801409a62bdb00e54776f374b1
TrickBot
8a4487a3600b2d07c283f5ec0d03a96efa902e834f80ce847f57a47cd41e39fd
TrickBot
d74845201a056c4a9c7d3886f79e4fd66b899f1bd37b2e42a18ec150a8caeea0
TrickBot
f68b30807bc53ed4943d900c8f9ea82269078cde72702826747f948a8eb7957c
TrickBot
+ 2'878 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaSetSystemError
MSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd
WIN_BASE_IO_APICan Create Fileskernel32.dll::CreateDirectoryW
Shlwapi.dll::PathRemoveFileSpecW

Comments