MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45b253db751c69bdc1d532167e482ef03f426d4dd06a513d342faf61e976f269. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 4



SHA256 hash: 45b253db751c69bdc1d532167e482ef03f426d4dd06a513d342faf61e976f269
SHA3-384 hash: 92b879b805805c3b1e1c09617afeb2dfc71e2956afe879d1cb7f9c3f4ba38eb09d96814ae0ea342120ea7f473d5ea896
SHA1 hash: a5cfcaf23b8c4ee9bf41d3313c1fc23165b412bc
MD5 hash: fd31b33bb492105756ba62d90b40b963
humanhash: seven-table-minnesota-speaker
File name: 45b253db751c69bdc1d532167e482ef03f426d4dd06a513d342faf61e976f269
Signature: TrickBot
File size: 357'864 bytes
First seen: 2020-06-05 10:05:13 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e9c0657252137ac61c1eeeba4c021000 (53 x GuLoader, 26 x RedLineStealer, 17 x AgentTesla)
ssdeep: 6144:0tZVS1aJWz9SNW12Tjzkwtlc9SbmQDE/ZiLJfKNBkNIH0A+N:cOaJWzANICdtlc9Sy0EBiNf/L/
Threatray: 165 similar samples on MalwareBazaar
TLSH: 887423C61B90E5D7E9E31FB028B0CC17AFB6634B54968A090B08E7957E173435B9E383
Reporter: raashidbhatt
Tags: TrickBot

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Ludicrouz
Status: Malicious
First seen: 2020-06-04 00:38:30 UTC
AV detection: 20 of 30 (66.67%)
Threat level: 5/5
Result
Malware family: cobaltstrike
Score: 10/10
Tags: family:cobaltstrike backdoor trojan
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Loads dropped DLL
Cobaltstrike
Malware Config
C2 Extraction: http://ec2.amazzed.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
