MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c4351f71620b31a44371350bd9dc1f7e581a8dd0506691eca6f9ed9d1d41732. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 7



SHA256 hash: 6c4351f71620b31a44371350bd9dc1f7e581a8dd0506691eca6f9ed9d1d41732
SHA3-384 hash: 0a211a841189800194d5b69f61649d4556cba2462bf1f9a25e204823644c988e60ebf19b015facce2d1368022024a49a
SHA1 hash: aa836180c50ddba9d93e3a757ce31caa396b60ad
MD5 hash: ec54f8dc5c52b45031e0dae26410882c
humanhash: black-chicken-ink-seven
File name: 6c4351f71620b31a44371350bd9dc1f7e581a8dd0506691eca6f9ed9d1d41732
Signature: TrickBot
File size: 675'840 bytes
First seen: 2020-11-15 22:40:47 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ba56e34e8a22ac91a660555598e60e39 (5 x TrickBot)
ssdeep: 12288:lX0C85G0LWEdC6uRotBWmRBUU8vg0whwRKCV50robF7z:ln85NzADRyBtBUUP01RKC8EbF/
TLSH: 1AE4CF123AE2C076C29655324ED6CFB9B2F5E9508B7266C7B7C40F5D7E34AC0963630A
Reporter: seifreed
Tags: TrickBot

Intelligence


File Origin
# of uploads: 1
# of downloads: 187
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware

Behaviour
Searching for the window
Creating a window
Creating a file in the %temp% directory
Sending a UDP request
Delayed writing of the file
Deleting a recently created file
Launching a process
Unauthorized injection to a system process
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.TrickBot
Status: Malicious
First seen: 2020-11-15 22:41:34 UTC
AV detection: 23 of 28 (82.14%)
Threat level: 5/5
Result
Malware family: trickbot
Score: 10/10
Tags: family:trickbot botnet:tar2 banker trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Trickbot
Malware Config
C2 Extraction:
66.85.183.5:443
185.163.47.157:443
94.140.115.99:443
195.123.240.40:443
195.123.241.226:443
Unpacked files
Detections: win_trickbot_a4 win_trickbot_g6 win_trickbot_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
