MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 814c1770aa6e418212eeec6a5170a1aba281370750bb22d040acfec544cb34e3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	814c1770aa6e418212eeec6a5170a1aba281370750bb22d040acfec544cb34e3
SHA3-384 hash:	91b62dabae8d835f0b0836a56c3f4d9be4dd6f202718229b6be3d4389c843803ae204105147a199d90a8bffcbd3f4668
SHA1 hash:	d9b0112ca5f3a153dc2eee4b7bde8f4a61276f18
MD5 hash:	6b5223cc15661e1afe1addb5ba7b748b
humanhash:	pasta-fruit-artist-mobile
File name:	814c1770aa6e418212eeec6a5170a1aba281370750bb22d040acfec544cb34e3
Download:	download sample
Signature	TrickBot Create hunting rule
File size:	354'304 bytes
First seen:	2020-03-17 15:01:02 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	1fa7de044d101ae7b8b5e966caaa40af (2 x TrickBot)
ssdeep	6144:7xB5mIOOjfZvpSjn3GwZLEMT4U+XYSRwvWu7qM2iBApNnT7rVT1dUMtJv:ldpSD3GEwMTOXqf2Ttzd
Threatray	2'712 similar samples on MalwareBazaar
TLSH	2474F202FFE2D8B5CA4A4334B53AAA8AA13FF82947419ECB37D1527D2CD13D26C75164
Reporter	srcr
Tags:	TrickBot

Intelligence

File Origin

# of uploads :

# of downloads :

103

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.Inject3.36365.14102.18131.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Trickbot

Status:

Malicious

First seen:

2020-03-17 09:12:05 UTC

AV detection:

25 of 30 (83.33%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=qfgbo4fknzayeexo5rvfc4fbvoricnyhkc5sfucavt7mkrglgtrq._file

Verdict:

malicious

Label(s):

trickbot

TrickBot

546ba5ce0a83d3dbc31ee21e174438c9e3794834de8d11a47f04f1ce005cd67d

TrickBot

764553cbeade2cc41c018b08fb22381a32a6c475b86353458d8fbc1aab86afeb

TrickBot

841fccdc97e1f86bd50c1437517ce63c0969598a2aafd3064fd950b6d9bebd9d

TrickBot

c2d499169a652c5c86ef28b7dca25f23e986bdd93b23fe02115923f698d61b58

TrickBot

ccdc04adce0627519bf39c6491765a6c61b1ee62e188e4a329aee529623c92b8

TrickBot

d494077303e7a373e64379d2b7bb80695809d3c9c64c993d324775f33d8b798a

TrickBot

da995f78d6ba4f7acab4a421e759cc15d2a3b8ca5549edd76605252e410d65ac

TrickBot

f4001d5fcb0c67c66b6c2df8f1b1bf173b9b25277c72916105b424137bc90a9b

TrickBot

f8b31cf177d5a4de939ee8c19d629df9548ac33721c47c66d71bc376922ec259

TrickBot

+ 2'702 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/814c1770aa6e418212eeec6a5170a1aba281370750bb22d040acfec544cb34e3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

URLhaus

https://urlhaus.abuse.ch/url/325943/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryW KERNEL32.dll::GetStartupInfoW
WIN_USER_API	Performs GUI Actions	USER32.dll::CreateWindowExW

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample