MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7fee0f3adb6bb5a3ed22ad960709a87893e2512d099f6c8c39946097d9a4122b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TrickBot


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7fee0f3adb6bb5a3ed22ad960709a87893e2512d099f6c8c39946097d9a4122b
SHA3-384 hash: 9c51707408be7904a795ab51c4f596469d6c0056073f8c7578695977cc12f20554fe0f9da67e16c4905a8107b3319cc5
SHA1 hash: b9973c6a5fda7c1a8f50afa1e822346e2ce39dc7
MD5 hash: 234efc055e93b433e41d555fb37736e1
humanhash: alanine-colorado-lithium-california
File name:APSLVDFB.bin
Download: download sample
Signature TrickBot
Create hunting rule
File size:311'296 bytes
First seen:2020-09-16 14:37:20 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 6514eeb9c390237a208dc293365d2e1a (1 x TrickBot)
ssdeep 6144:cli1MgbKHwKrA3lSp6OenduljqMg9rektFXwpY7ks3m64hr+utHC/HCBqkTc:EAbKHnrWOmQlfgdFgoOnrpti/H7kTc
Threatray 2'862 similar samples on MalwareBazaar
TLSH 6B64021A728DC2BED96E01302E25872AA3BDBD711DE0C5474FA6374E5E306E0DD2721B
Reporter JAMESWT_WT
Tags:TrickBot

Intelligence

File Origin
# of uploads :
1
# of downloads :
223
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/61068/
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Sending a UDP request
Launching a process
Connection attempt
Unauthorized injection to a system process
Result
Threat name:
Trickbot
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/468040
Signature
Allocates memory in foreign processes
Delayed program exit found
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Yara detected Trickbot
Behaviour
Behavior Graph:
Download SVG
Detection:
trickbot
Create hunting rule
Link:
https://mwdb.cert.pl/sample/7fee0f3adb6bb5a3ed22ad960709a87893e2512d099f6c8c39946097d9a4122b/
Threat name:
Win32.Trojan.TrickBot
Create hunting rule
Status:
Malicious
First seen:
2020-09-16 00:46:07 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=p7xa6ow3no22h3jcvwlaocnipcj6eujnbgpwzdbzsrqjpwnecivq._file
Verdict:
malicious
Label(s):
trickbot
Create hunting rule
Similar samples:
0837c3f2451e2f7336d5792d605c03de41fddd56d5dfdea5341171bcd2280f70
TrickBot
1b698518280090e4d877381d3a0532c9c51152e3d4fd834a375f678078844cf2
TrickBot
1cec793bdbe8c3f94fc6e0a02186eff8993f707379e068e9d80d4397f0bb308e
TrickBot
1e1da255c1ecdcaf2cb18202ecac91736e0f199d38fe44faa6cfea88b2c86753
TrickBot
4a97c7666ce53a862a84873ad6bcfcd84b5cddd216ac6aa4f15998802d90f94e
TrickBot
630e4e8620f28bb5ed7f78ba8a236a7e1cd6cfadd5ce7aee9b6937193e7574ee
TrickBot
7a0a1fe93873de08a415f79240bc26d7b18926bb591fff89bb1944c219ee2245
TrickBot
d0b0128d24a25b29532b803be12bae982fb05a2c4583bd9e7a1dcf1601fad4fb
TrickBot
d659fb6facf4ba90a143e30301658a988585358b35f91ad13c591a3b87fbe2f6
TrickBot
e1aab15a9cc40ad7d6a6a9a05aa4b7c246c109537b4b1f0240f483bcd2209b97
TrickBot
+ 2'852 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200916-jybgmv1ra2/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Emotet
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7fee0f3adb6bb5a3ed22ad960709a87893e2512d099f6c8c39946097d9a4122b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/61068/

Comments