MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 76edf0ebea99cf07ff5bb900193c4efa05e971c2bc2097ec70d5e54ad7b3dce8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	76edf0ebea99cf07ff5bb900193c4efa05e971c2bc2097ec70d5e54ad7b3dce8
SHA3-384 hash:	1574d729029eba37e86d2c92b5e62142ddb375dcae33f080c92a34841e9eb0daa7a754dd2074579118e900f5f667993c
SHA1 hash:	2661fbde4a581eae18015356f7ec1b09655a820e
MD5 hash:	15d0e2354886250a548aa62ac876a0f6
humanhash:	eight-mirror-red-harry
File name:	SecuriteInfo.com.Trojan.Trick.46529.9186.22359
Download:	download sample
Signature	TrickBot Create hunting rule
File size:	696'371 bytes
First seen:	2020-03-18 09:52:23 UTC
Last seen:	2020-03-18 10:04:41 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	facac38a79f5f77491948b84ce8584cc (11 x TrickBot)
ssdeep	12288:f5ba2SroKa5pwYM30A25cyDbXHELnUimJX+kdagdThKk/A6Mq:NSfaM30A25Amn/VUjq
Threatray	2'865 similar samples on MalwareBazaar
TLSH	E6E46C2A65346423D1D244718EA6D378AD28BCD271826C4F3DC17D0867B3C93B9B5EEE
Reporter	SecuriteInfoCom
Tags:	TrickBot

Intelligence

File Origin

# of uploads :

# of downloads :

105

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.Trick.46529.9186.22359.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Trickbot

Status:

Malicious

First seen:

2020-03-19 03:56:14 UTC

AV detection:

27 of 31 (87.10%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=o3w7b27kthhqp723xeabspco7ic6s4ocxqqjp3dq2xsuvv5t3tua._file

Verdict:

malicious

Label(s):

trickbot

cobaltstrike

TrickBot

34df4fec6798befd9aa30d72fe35f258f36e70e787cc1a8554de86ba8632a312

TrickBot

497eebb26dbf500508b344dec05bbadb1e0421d77be6defc150bce9f88ea37b9

TrickBot

764553cbeade2cc41c018b08fb22381a32a6c475b86353458d8fbc1aab86afeb

TrickBot

814c1770aa6e418212eeec6a5170a1aba281370750bb22d040acfec544cb34e3

TrickBot

841fccdc97e1f86bd50c1437517ce63c0969598a2aafd3064fd950b6d9bebd9d

TrickBot

c2d499169a652c5c86ef28b7dca25f23e986bdd93b23fe02115923f698d61b58

TrickBot

da995f78d6ba4f7acab4a421e759cc15d2a3b8ca5549edd76605252e410d65ac

TrickBot

de064838cb87ab944c6a43f9ccfe42875ec2d4e0de7ecb3d61b92d3dcb44c5a9

TrickBot

f8b31cf177d5a4de939ee8c19d629df9548ac33721c47c66d71bc376922ec259

TrickBot

+ 2'855 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/76edf0ebea99cf07ff5bb900193c4efa05e971c2bc2097ec70d5e54ad7b3dce8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::__vbaSetSystemError MSVBVM60.DLL::__vbaObjSetAddref MSVBVM60.DLL::EVENT_SINK_AddRef MSVBVM60.DLL::__vbaLateMemCallLd

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample