MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 4013945c4997c0c02b6d094186dde0ae4fa499bc33afae5bbbc0207f2754fe39. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
TrickBot
Vendor detections: 8
| SHA256 hash: | 4013945c4997c0c02b6d094186dde0ae4fa499bc33afae5bbbc0207f2754fe39 |
|---|---|
| SHA3-384 hash: | 1bc8bc85ee7092267ece300ff37253422ed3434f1a62b24e36b22b856aeac4f7bf5a8bd421f96cb4acb7f71b48d18dc9 |
| SHA1 hash: | bdbe4484f568f3b518513191d577edcc0150b7b5 |
| MD5 hash: | 0da9b790450c4331df8accbb89c6f651 |
| humanhash: | finch-bulldog-oregon-mockingbird |
| File name: | ono80.dll |
| Signature | TrickBot |
| File size: | 348'160 bytes |
| First seen: | 2020-10-09 17:42:27 UTC |
| Last seen: | 2020-10-10 14:10:16 UTC |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | e2105d10391dded7493fe68d200631d7 (1 x TrickBot) |
| ssdeep | 6144:9F6V5IgE1hsqZcUgKhVD16BuhO+tqWoKIflv/JLeE+1ctvja3lA594:Xq+gKZcahX64hOZnJLEibaVA594 |
| Threatray | 43 similar samples on MalwareBazaar |
| TLSH | 3274E102F2E18574F1AE0A3E09A65B151B7ABC10DFB09ECB6B50764D9E71BD09D3B306 |
| Reporter | |
| Tags: | dll TrickBot |
Intelligence
File Origin
Number of uploads: 3
Number of downloads: 231
Origin country: n/a
Vendor Threat Intelligence
Detection: n/a
Result
Verdict: Malware
Maliciousness:
Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Threat name: Unknown
Detection: clean
Classification: n/a
Score: 10 / 100
Behaviour
Behavior Graph: n/a
Threat name: Win32.Trojan.TrickBot
Status: Malicious
First seen: 2020-10-09 17:42:15 UTC
File Type: PE (Dll)
Extracted files: 37
AV detection: 21 of 29 (72.41%)
Threat level: 5/5
Detection(s): Malicious file
Verdict: malicious
Similar samples: + 33 additional samples on MalwareBazaar
Result
Malware family: trickbot
Score: 10/10
Tags: trojan banker family:trickbot
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Looks up external IP address via web service
Trickbot
Malware Config
C2 Extraction:
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name: Malicious File
Score: 1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method: Other