MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 851b9e416b22c80a435f7d11f0298272ad23a4ae49f6fbe23aafa0578c400bd0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	851b9e416b22c80a435f7d11f0298272ad23a4ae49f6fbe23aafa0578c400bd0
SHA3-384 hash:	eac501d0a0ee511f2e81410aaa83fed888198491c71eebc5d3c1cde6722a540c5001d0f480ff2076933e64b01ed83ed5
SHA1 hash:	263f6160fef67c614db9869b67bcf311009ae6bb
MD5 hash:	8b3d6763be91ee26f3844b0f113e2a27
humanhash:	skylark-happy-carpet-lake
File name:	8b3d6763be91ee26f3844b0f113e2a27.exe
Download:	download sample
Signature	TrickBot Create hunting rule
File size:	185'344 bytes
First seen:	2021-10-29 05:17:46 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	653d2db41587e1e0124e6e9c30ca0e11 (2 x TrickBot)
ssdeep	3072:9GSrVqwQITouTpXo/OXu3FUF/pstBaDqwONnct437Bl3N2UL8n:DQwQSl4rVUF/p/uwONct43j92U
Threatray	4 similar samples on MalwareBazaar
TLSH	T1BA04BE22A6D40455E49BEFBC083B9FB5817DBD666D10C20F727469CF1E32B968D0271B
File icon (PE):
dhash icon	787c78fa87f7e6c4 (16 x Gh0stRAT, 11 x Pikabot, 9 x ManusCrypt)
Reporter	abuse_ch
Tags:	exe TrickBot

Intelligence

File Origin

# of uploads :

1

# of downloads :

178

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.37893722.12489.24102.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/481bbecf-1347-4535-b4b6-553ce5ab50d5

Result

Threat name:

Unknown

Detection:

malicious

Classification:

troj.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/879070

Signature

Found C&C like URL pattern

Hides that the sample has been downloaded from the Internet (zone.identifier)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Suspicious powershell command line found

Uses schtasks.exe or at.exe to add and modify task schedules

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/851b9e416b22c80a435f7d11f0298272ad23a4ae49f6fbe23aafa0578c400bd0/

Threat name:

Win32.Trojan.SpyEye

Status:

Malicious

First seen:

2021-10-29 01:21:00 UTC

AV detection:

7 of 28 (25.00%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

6b74dc043f9a12823ed98d704e4c8543c9b5d8b9240e65e9d31d2303ab914906

e55e95de03dff2a35cb8304d855c944a5309c56ff8d369af0a542e600faa6808

f5fd02ebd2376fd1bc1ff121e9bfda618755a5c049edc8a4288eb67eb1cc7f9b

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/211029-fzav1ahdam/

Unpacked files

SH256 hash:

851b9e416b22c80a435f7d11f0298272ad23a4ae49f6fbe23aafa0578c400bd0

MD5 hash:

8b3d6763be91ee26f3844b0f113e2a27

SHA1 hash:

263f6160fef67c614db9869b67bcf311009ae6bb

Link:

https://www.unpac.me/results/c8692381-47d0-42f7-aef7-2abd6479de7d/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/851b9e416b22c80a435f7d11f0298272ad23a4ae49f6fbe23aafa0578c400bd0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 851b9e416b22c80a435f7d11f0298272ad23a4ae49f6fbe23aafa0578c400bd0

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1722511/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample