MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ceded881995aa09ac269002c4312560ac38576aa82d95dc85d28a1a2b76bbef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	4ceded881995aa09ac269002c4312560ac38576aa82d95dc85d28a1a2b76bbef
SHA3-384 hash:	c6704ee613a28cab3422c8a1ea0810d81ee4eda0df4c2a6cd8c9af41d3f9008f6e266c21f0bd5a1837e0d2937376b832
SHA1 hash:	9f79ec5e7845bd33a58124fd3d10637a20630bb5
MD5 hash:	54a315b26c66694821fb2091ef865f7f
humanhash:	venus-oscar-ink-solar
File name:	SecuriteInfo.com.Variant.Jaik.54039.20849.2721
Download:	download sample
Signature	TrickBot Create hunting rule
File size:	675'872 bytes
First seen:	2022-03-23 09:13:37 UTC
Last seen:	2022-03-25 07:07:14 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	52d03df79b59449977af2d99ffc5958c (1 x TrickBot, 1 x RedLineStealer)
ssdeep	12288:nBxT3SKVIC9HdFEtttJl3Mob+60MCV94D0cIegdu1oeK/lGRgOUqmq9kR6lhKXhh:BxT3ZVB9HdFQPl3M06MCV9k0DegduieE
Threatray	1'849 similar samples on MalwareBazaar
TLSH	T1C9E422C11B0D4352EAA798FC24BAEA072B35966E7C51C677330AB213EF35AB06D4161D
File icon (PE):
dhash icon	f0f8e8ccd0e4e4f0 (1 x TrickBot)
Reporter	SecuriteInfoCom
Tags:	exe TrickBot

Intelligence

File Origin

# of uploads :

2

# of downloads :

231

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/255888/

Detection(s):

PUA.Win.Packer.Asprotect-3

SecuriteInfo.com.Variant.Jaik.54039.20849.2721.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Searching for the window

Unauthorized injection to a recently created process

Creating a file

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

overlay packed

Link:

https://www.filescan.io/uploads/623ae4fdb94fb38cb4d7f5b1/reports/f12448dc-5bb8-40f0-ad3b-cafc22a1b51d/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Gathering data

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/962708

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4ceded881995aa09ac269002c4312560ac38576aa82d95dc85d28a1a2b76bbef/

Threat name:

ByteCode-MSIL.PUA.ProcHack

Status:

Malicious

First seen:

2022-03-23 07:53:39 UTC

File Type:

PE (Exe)

Extracted files:

20

AV detection:

28 of 42 (66.67%)

Threat level:

1/5

Verdict:

malicious

Label(s):

trickbot

Similar samples:

05963059249f086c08d8487b82e08f4e6ba91ec4391484cf2bf54258aa2e6a64

23db5a11dc6193a946e447bc1b53252b81609b92a0621ac9bea466bd75496862

36ed7e4e8dfce10773b1b1f1b7302e80d38bfd75d7c35bc5da2abf9a8a0b99e3

387908fbfd34eb7d61e59518225543db7b5a7aa7beb1b6b8070778dd31705ed9

57933bc5c60de83fddbc7a2c6522e6481c9e684e342fed86a4c38bf08c4a6b0f

5a37e85ddf1b693cb2e938710a4fc0cea30062eb784ad5b8cecd0d1170d5da6f

60e6e0f067230326553fef06a25719c538bc8bd9c9a2de543adc3d846e121672

6ccf16f1d1a495de9f5e7c1b60dd09da612ba2355887ebeb56cc1cacb5d64a5e

c8074bbd7806f4137955b66067595f70cf0086b0bd7670cf90541bb30122dd87

+ 1'839 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/220323-k7jv4afgaq/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Program crash

Suspicious use of SetThreadContext

Unpacked files

SH256 hash:

ffed1648c295116f9a8710d3a06d26972a010691ce706a7150ea708d886222a7

MD5 hash:

190f1527c9ffeb45aa3f5680cce9ffcb

SHA1 hash:

b41f80965f55f6c71ef42b7fb0b57dbc9f9b0f3b

Link:

https://www.unpac.me/results/64262615-3261-42b8-aded-d8493c605960/

SH256 hash:

054ea42bb7cad39909df288a254949e1cbe7569d6bd672597d5ee785d661c868

MD5 hash:

71c7c52ec5aa27baf66020602c3d85b5

SHA1 hash:

49afde489f1abb459209be05b7f87720c1abe063

Link:

https://www.unpac.me/results/64262615-3261-42b8-aded-d8493c605960/

SH256 hash:

4ceded881995aa09ac269002c4312560ac38576aa82d95dc85d28a1a2b76bbef

MD5 hash:

54a315b26c66694821fb2091ef865f7f

SHA1 hash:

9f79ec5e7845bd33a58124fd3d10637a20630bb5

Link:

https://www.unpac.me/results/64262615-3261-42b8-aded-d8493c605960/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/4ceded881995aa09ac269002c4312560ac38576aa82d95dc85d28a1a2b76bbef

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 4ceded881995aa09ac269002c4312560ac38576aa82d95dc85d28a1a2b76bbef

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2111831/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/255888/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample