MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 839fed416da07d973bd32504c2d27f69abf4a559d168393564fe2a39385f734f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	839fed416da07d973bd32504c2d27f69abf4a559d168393564fe2a39385f734f
SHA3-384 hash:	982a2ea8dd116026ed618bba35ceb496a33445046b615ed448a6c4cd1dff66f510a399945ee9c9796ff09789932c5b1a
SHA1 hash:	aa42682567fd695c87feb3b418b4e0e44fcc050a
MD5 hash:	5f58739c161bb74d81e1ee4e9c8e290f
humanhash:	nebraska-south-black-spring
File name:	SecuriteInfo.com.Trojan.Trick.46529.21276.32338
Download:	download sample
Signature	TrickBot Create hunting rule
File size:	696'371 bytes
First seen:	2020-03-18 13:39:11 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	facac38a79f5f77491948b84ce8584cc (11 x TrickBot)
ssdeep	12288:55ba2SroKa5pwYM30A25cyDbXHELnUiahcjFW3iont6RTKy:PSfaM30A25AakFWyMt+l
Threatray	3'248 similar samples on MalwareBazaar
TLSH	61E46C2A65346423D1D244718DA6D378ED28BCD271826C4F3DC1BD0927B3C92B9B5EEE
Reporter	SecuriteInfoCom
Tags:	TrickBot

Intelligence

File Origin

# of uploads :

# of downloads :

100

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.Trick.46529.21276.32338.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Trickbot

Status:

Malicious

First seen:

2020-03-19 03:56:12 UTC

AV detection:

27 of 31 (87.10%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=qop62qlnub6zoo6teucmfut7ngv7jjkz2fudsnle7yvdsoc7onhq._file

Verdict:

malicious

Label(s):

trickbot

cobaltstrike

TrickBot

34df4fec6798befd9aa30d72fe35f258f36e70e787cc1a8554de86ba8632a312

TrickBot

497eebb26dbf500508b344dec05bbadb1e0421d77be6defc150bce9f88ea37b9

TrickBot

764553cbeade2cc41c018b08fb22381a32a6c475b86353458d8fbc1aab86afeb

TrickBot

76edf0ebea99cf07ff5bb900193c4efa05e971c2bc2097ec70d5e54ad7b3dce8

TrickBot

c2d499169a652c5c86ef28b7dca25f23e986bdd93b23fe02115923f698d61b58

TrickBot

da995f78d6ba4f7acab4a421e759cc15d2a3b8ca5549edd76605252e410d65ac

TrickBot

de064838cb87ab944c6a43f9ccfe42875ec2d4e0de7ecb3d61b92d3dcb44c5a9

TrickBot

f83dd54e1ef97cf33c46cb9a40189f3759d6a8a7295a284c44d7b36f4a613747

TrickBot

f8b31cf177d5a4de939ee8c19d629df9548ac33721c47c66d71bc376922ec259

TrickBot

+ 3'238 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/839fed416da07d973bd32504c2d27f69abf4a559d168393564fe2a39385f734f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::__vbaSetSystemError MSVBVM60.DLL::__vbaObjSetAddref MSVBVM60.DLL::EVENT_SINK_AddRef MSVBVM60.DLL::__vbaLateMemCallLd

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample