MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d01ee99d5c720b96cc5d8d468305ad87fd0cb0e3730fd907f74a27d13239a06. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 3



SHA256 hash: 6d01ee99d5c720b96cc5d8d468305ad87fd0cb0e3730fd907f74a27d13239a06
SHA3-384 hash: f894fa288c1b669ed29dc6457168e1951e59d4d743a225836cc10bdd5a91f0c6ec363cdf41108386b996d9a201911a29
SHA1 hash: 99fc56925736b77d602d3eafeab347da4a2af9c7
MD5 hash: 231c4df292373b85219b4fdc963cfd27
humanhash: mockingbird-magazine-ack-leopard
File name: Oj.exe
Signature: TrickBot
File size: 258'048 bytes
First seen: 2020-04-30 07:35:05 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 657a27dd8371168c8924e754a9d0608e (1 x Loki, 1 x TrickBot)
ssdeep: 3072:d2TUkAvdg0ePBz2JQCVGf1vxnQkjtfUUvKO806f:d2SvdgnzDjJVtfRvK
Threatray: 297 similar samples on MalwareBazaar
TLSH: 2144F0C58FF462EFC63404F182327E7187AB6F252E38614A292A72FA5537B53A507C06
Reporter: jarumlus
Tags: TrickBot

Intelligence


File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2019-05-10 14:32:34 UTC
File Type: PE (Exe)
Extracted files: 26
AV detection: 33 of 45 (73.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

TrickBot

Executable exe 6d01ee99d5c720b96cc5d8d468305ad87fd0cb0e3730fd907f74a27d13239a06

(this sample)

  
Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high |
| CHECK_NX | Missing Non-Executable Memory Protection | critical |

Reviews

| ID | Capabilities | Evidence |
|---|---|---|
| WIN_BASE_API | Uses Win Base API | KERNEL32.DLL::LoadLibraryA |
