MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ec83ed1df7dbbfa74360d41974f1109e7a341e02c2ac3648271f50edae3dcc0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 6



SHA256 hash: 3ec83ed1df7dbbfa74360d41974f1109e7a341e02c2ac3648271f50edae3dcc0
SHA3-384 hash: f988ad413ab3169994c1f19d8812222a85ebe77e6aa1a20bdd68acff71bdb2a1072d109ca1a5021f0674c259145c5605
SHA1 hash: 47efc0c4555d1662f16a79dcaee0cfd056333b9e
MD5 hash: f02e738933353cde171d3a10c6e15da9
humanhash: wyoming-solar-fillet-crazy
File name: f02e738933353cde171d3a10c6e15da9.dll
Signature: TrickBot
File size: 303'104 bytes
First seen: 2020-12-10 10:31:51 UTC
Last seen: 2020-12-10 12:31:57 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 87ebdda998fdaf3266df9c4ebdea3700 (1 x TrickBot)
ssdeep: 6144:OV4M4QxPBvZMkeVpVzNIPG2YsP64Wkp2p8:S40ZMkepzNIVYsiAQp
TLSH: A55401003823C073F0090A3545D687C6AFFE6D137BE6A16FFF9517696E91091A2B66F2
Reporter: abuse_ch
Tags: dll TrickBot

Intelligence


File Origin
# of uploads: 2
# of downloads: 203
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 3ec83ed1df7dbbfa74360d41974f1109e7a341e02c2ac3648271f50edae3dcc0.zip
Verdict: No threats detected
Analysis date: 2020-12-10 11:56:03 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature
Multi AV Scanner detection for submitted file

Behaviour
Behavior Graph ID: 329058
Sample: YEkUGz35zN.dll
Start date: 10/12/2020
Architecture: WINDOWS
Score: 48
Signatures: Multi AV Scanner detection for submitted file
Process tree:
  loaddll32.exe
    cmd.exe
      iexplore.exe
        iexplore.exe
    regsvr32.exe
Network (from iexplore.exe):
  192.168.2.1 (unknown)
  edge.gycpi.b.yahoodns.net 87.248.118.22, 443, 49762, 49763 (YAHOO-DEBDE, United Kingdom)
  tls13.taboola.map.fastly.net 151.101.1.44, 443, 49764, 49765 (FASTLYUS, United States)
  9 other IPs or domains
Threat name: Win32.Trojan.Emotetcrypt
Status: Malicious
First seen: 2020-12-09 19:28:35 UTC
AV detection: 18 of 29 (62.07%)
Threat level: 5/5
Verdict: unknown
Result
Malware family: n/a
Score: 4/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Unpacked files
SHA256 hash: 3ec83ed1df7dbbfa74360d41974f1109e7a341e02c2ac3648271f50edae3dcc0
MD5 hash: f02e738933353cde171d3a10c6e15da9
SHA1 hash: 47efc0c4555d1662f16a79dcaee0cfd056333b9e

SHA256 hash: 450d3e896a31e905d466a687f6083f9a5ec0abb115d07b454bbcfaf1b5d21312
MD5 hash: 7fce2118e88cbe8fac879416ca2d4cbf
SHA1 hash: 00bd9a78092d10864e10b6d8ca3b2c5c8e91cc8b
Detections: win_trickbot_a4

SHA256 hash: 1472584860d3a5ecde13de774cb0e74acc1236b95a8666a4c6a96733f6c42185
MD5 hash: 32082fb638b07212a89af50fc9f5728c
SHA1 hash: 422ac8f2b250e0ec953eb7163e3f05cbdebe536e
Detections: win_trickbot_a4

SHA256 hash: 58a2e51a7dbb5f44a65d3b2f415b35d61e8a95d2f3df90e30d14bc00f2b804b1
MD5 hash: 0810c7c4090f98e302f362d65846f28a
SHA1 hash: 54cd2b6bfb0eb087dfc8146308c1fada6e2cc717
Detections: win_trickbot_a4 win_trickbot_g6 win_trickbot_auto

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Web download
TrickBot | DLL dll | 3ec83ed1df7dbbfa74360d41974f1109e7a341e02c2ac3648271f50edae3dcc0 (this sample)

Delivery method: Distributed via web download

Comments