MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8423fefddbb9197ebe12a5e51fb8f06e6dc2c02d6ef68b254faba0d6a63866c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	8423fefddbb9197ebe12a5e51fb8f06e6dc2c02d6ef68b254faba0d6a63866c5
SHA3-384 hash:	82ba67a8a18e97704d25e359f68560120f6f47c28225b688dadd2c4ce850ff5cfb61ae6e3940048a7d80dc6755f13e86
SHA1 hash:	7cf17af35ec4733292694ed3c34d6ad2aa4a8fb1
MD5 hash:	733f96559b76b9d84655bc56d4719f1e
humanhash:	october-stream-lactose-pip
File name:	crypt_da11.dll
Download:	download sample
Signature	TrickBot Create hunting rule
File size:	393'728 bytes
First seen:	2020-07-07 12:17:06 UTC
Last seen:	2020-08-02 07:33:48 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	89ed1bc251d6c3e47d163c5f895ad913 (7 x TrickBot)
ssdeep	6144:DtAOUPwxmAO7hAOlcBUbjwvXJAgnXmbQvYtItI6+UFtPp7UUIXHG3:DKOKim34BIwvXJAevY6tIHU9gUI2
Threatray	1'858 similar samples on MalwareBazaar
TLSH	1C84DF0031D2C5B2C07E07376A996FB1416EF9104B68D9F7BB985E0D9DB4AC0B673A63
Reporter	JAMESWT_WT
Tags:	TrickBot

Intelligence

File Origin

# of uploads :

3

# of downloads :

116

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Detection(s):

PUA.Win.Downloader.Aiis-6803892-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Launching a process

Unauthorized injection to a system process

Detection:

trickbot

Link:

https://mwdb.cert.pl/sample/8423fefddbb9197ebe12a5e51fb8f06e6dc2c02d6ef68b254faba0d6a63866c5/

Threat name:

Win32.Trojan.TrickBot

Status:

Malicious

First seen:

2020-07-07 12:19:04 UTC

File Type:

PE (Dll)

Extracted files:

2

AV detection:

20 of 29 (68.97%)

Threat level:

5/5

Verdict:

malicious

Label(s):

trickbot

emotet

hawkeyekeylogger

Similar samples:

024d1e75caece924601857b3e631b56936784215267c89d4ebc20f32258fa689

1455554d5585f68ec7212a6fca985aa7e3bb1904fce6dcfbb9a0b26751cbd23e

28a1206e5a8f79a94835e929ebef98ed896293513afbe427efe14371d6a8134f

348c1970f3ce0b20eda196db27b3596864d8e99bedf575855aa35f5b5f5fc084

5c1df1958b639f2a2fac01fc28190ac4672facd0fe523efdedf2b2a24424d409

7984df6018af3f340757e48e5fb6105c6476c1832c23cb3ec9e0b8a08623436e

a97d416fd7fc1f37199012e44f1d6b1946b59f7d6b92b89d38dbee74a18c7554

b4eb31112cb2d0686ea3e88ab33569a0c902cb14331bb5f12a206d6f61b6b1fe

cd327c510c630f47d64c6e7bde422574480f57f6c455d41a2b0c7072e43779f7

f89b1d7e34810a16343159b8bb4700cfa548b58e2ab589bb1c6bee3455fd5f71

+ 1'848 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/200707-xj6prvsa9n/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of WriteProcessMemory

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll 8423fefddbb9197ebe12a5e51fb8f06e6dc2c02d6ef68b254faba0d6a63866c5

(this sample)

Cape

Cape

https://www.capesandbox.com/analysis/22246/

URLhaus

https://urlhaus.abuse.ch/url/408619/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample