MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54f6fe3e63891e2c0b925cf17385c6df56d824cee163111e93fef76c6476a535. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 8



SHA256 hash: 54f6fe3e63891e2c0b925cf17385c6df56d824cee163111e93fef76c6476a535
SHA3-384 hash: 8332664bad6f3106c713f2f9cc71a01f6a516382ecec9bba02de920b413c7153d6ea4ed232f8f63beabd736b9aa7d6ae
SHA1 hash: 0d58596ec23e23bfeb1ebd95fcaf89e9b2afe08f
MD5 hash: ee6d7f80f549e9700b0e2d9b7e88aa53
humanhash: robert-tennessee-utah-lactose
File name: ee6d7f80f549e9700b0e2d9b7e88aa53.dll
Signature TrickBot
File size: 444'928 bytes
First seen: 2021-04-08 08:08:53 UTC
Last seen: Never
File type: DLL dll
MIME type:application/x-dosexec
imphash 0ef5edd9269443eca0b9e347932dacef (1 x TrickBot)
ssdeep 6144:l+XiqDElbOqL001espG5+hYg77ynYeRXZCkmfc7jTeGv83cy77flMMH:l+t0bOqLRI9OH2Y4Qkh7BUPiM
Threatray 3 similar samples on MalwareBazaar
TLSH FC94E0123A81C539D25E24798A664B214F6DAC122F70E0C3A7F47E6EDEB43D15F342A7
Reporter abuse_ch
Tags: dll rob45 TrickBot

Intelligence


File Origin
# of uploads: 1
# of downloads: 265
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: TrickBot
Detection: malicious
Classification: troj.evad
Score: 88 / 100
Behaviour
Behavior Graph: n/a
Threat name: Win32.Infostealer.Trickster
Status: Malicious
First seen: 2021-04-07 16:13:51 UTC
AV detection: 5 of 29 (17.24%)
Threat level: 5/5
Result
Malware family: trickbot
Score: 10/10
Tags: family:trickbot botnet:rob45 banker trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Looks up external IP address via web service
Trickbot
Malware Config
C2 Extraction:
Unpacked files
SHA256 hash: 2e0429aafedd060e0d39d97e867c8e36faba47c18dde0510b3c921fc59681772
MD5 hash: f317021ba2c5392b7479ae484c60adab
SHA1 hash: 19ea351ee7d40dbf29c34d239602e7904f9ef2ab
Detections: win_trickbot_a4 win_trickbot_auto
SHA256 hash: 54f6fe3e63891e2c0b925cf17385c6df56d824cee163111e93fef76c6476a535
MD5 hash: ee6d7f80f549e9700b0e2d9b7e88aa53
SHA1 hash: 0d58596ec23e23bfeb1ebd95fcaf89e9b2afe08f
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

TrickBot

DLL dll 54f6fe3e63891e2c0b925cf17385c6df56d824cee163111e93fef76c6476a535

(this sample)

  
Delivery method
Distributed via web download

Comments