MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3fb7ee49dcc8efa9cb3eb8ed2b5a36457b19a5ec0e20f715c90a0823c3f2a53e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 7



SHA256 hash: 3fb7ee49dcc8efa9cb3eb8ed2b5a36457b19a5ec0e20f715c90a0823c3f2a53e
SHA3-384 hash: 8416935a195d487462ea2eb5e8c43728850e21cad045ae8be4e2c94c309cdb3adf7be649b4ad5d5afdc371d6ae148478
SHA1 hash: 87278ee3a2707dfa38cd1c74741e67a75a668156
MD5 hash: 2d32aee6dd5235ef321b9d71894ece07
humanhash: louisiana-ohio-uniform-fanta
File name: 3fb7ee49dcc8efa9cb3eb8ed2b5a36457b19a5ec0e20f715c90a0823c3f2a53e
Signature: TrickBot
File size: 841'864 bytes
First seen: 2021-07-12 10:12:07 UTC
Last seen: 2021-07-12 10:58:39 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 1d993ea865c4e964c43100f81c268820 (1 x TrickBot)
ssdeep: 12288:UkRvoCqyZLd50+Z79XtR5MAbkwkNdEmWu1jOAkkKTtaN:UWqUZrKmkwksmWOFKTQN
Threatray: 100 similar samples on MalwareBazaar
TLSH: T16E0501C7CB5087EBD80D0B3D84A39F343B74EE72A71B4B5796B872292D723902E56194
Reporter: JAMESWT_WT
Tags: exe, OWLNET LIMITED, TrickBot

Code Signing Certificate

Organisation: OWLNET LIMITED
Issuer: Sectigo Public Code Signing Root R46
Algorithm: sha1WithRSAEncryption
Valid from: 2021-06-24T04:41:54Z
Valid to: 2022-06-24T04:41:54Z
Serial number: 12956e4ef1b150a6
Intelligence: 3 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm: SHA256
Thumbprint: 7ac317b8dcff5eddd10a12e8018f6c3890b470f3a095bb1c2a194f296a94c80a
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 2
# of downloads: 131
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 3fb7ee49dcc8efa9cb3eb8ed2b5a36457b19a5ec0e20f715c90a0823c3f2a53e
Verdict: No threats detected
Analysis date: 2021-07-12 10:15:48 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Generic Malware
Verdict: Malicious
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 64 / 100
Signature
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has nameless sections
Threat name: Win32.PUA.FlyStudio
Status: Malicious
First seen: 2021-06-24 07:52:14 UTC
File Type: PE (Exe)
Extracted files: 46
AV detection: 19 of 29 (65.52%)
Threat level: 1/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Unpacked files
SHA256 hash: 1a20af1d485ce517cc24b080122b5a29cc94c54966ca3fd4e9956b0ca0f22b3e
MD5 hash: 84f1aad87a538a0ffd4edb12cd1f0adf
SHA1 hash: 1ae77f009fd8c8b67b13e190c9c607fa0b8004e7

SHA256 hash: 3fb7ee49dcc8efa9cb3eb8ed2b5a36457b19a5ec0e20f715c90a0823c3f2a53e
MD5 hash: 2d32aee6dd5235ef321b9d71894ece07
SHA1 hash: 87278ee3a2707dfa38cd1c74741e67a75a668156
Please note that we are no longer able to provide a coverage score for VirusTotal.
