MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3b01e80fb0fb3746e3b75d29977f48cb476143bf46e8148359f5731efd880eb1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 9



SHA256 hash: 3b01e80fb0fb3746e3b75d29977f48cb476143bf46e8148359f5731efd880eb1
SHA3-384 hash: a8c1066d08de12b548e40fccd26fcd227f90783a4971f52662dad6dbd7dfe3dc46052f58cdab16291aaa77be5f129b25
SHA1 hash: ebb8b9e6796b40ef211032d39f7d9fed3a28f6cd
MD5 hash: d417515668623ccd9b590ab06690416a
humanhash: uniform-football-twenty-asparagus
File name: d417515668623ccd9b590ab06690416a.exe
Signature: TrickBot
File size: 593'979 bytes
First seen: 2021-09-28 11:31:58 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 675872e23dfc0f62ffbc2f69c316f4bc (22 x TrickBot)
ssdeep: 12288:671bBfnoWMPARHSGwdGnmrAz9zC0mtwYHDkrchSJkZu06R:obBfnoWoFrAzEwrMuj
Threatray: 3'901 similar samples on MalwareBazaar
TLSH: T1E8C4BF3574E08DB3D1A315319AFC1BE963E4ACD187E6628F4F803F1D393D299B52A216
dhash icon: 71b119dcce576333 (3'570 x Heodo, 203 x TrickBot, 19 x Gh0stRAT)
Reporter: abuse_ch
Tags: exe TrickBot

Intelligence


File Origin
# of uploads: 1
# of downloads: 202
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: d417515668623ccd9b590ab06690416a.exe
Verdict: Suspicious activity
Analysis date: 2021-09-28 11:34:32 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Result
Threat name: Unknown
Detection: unknown
Classification: n/a
Score: 1 / 100
Threat name: Win32.Trojan.TrickBot
Status: Malicious
First seen: 2021-09-28 11:32:07 UTC
AV detection: 22 of 45 (48.89%)
Threat level: 5/5
Result
Malware family: trickbot
Score: 10/10
Tags: family:trickbot botnet:lib153 banker trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Trickbot
Malware Config
C2 Extraction:
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

TrickBot

Executable exe 3b01e80fb0fb3746e3b75d29977f48cb476143bf46e8148359f5731efd880eb1

(this sample)

  
Delivery method
Distributed via web download
