MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 87402c2ee3595cd862dbb82648aa9ebf17d41ceb05f912e50493d9ba96acb9a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 7



SHA256 hash: 87402c2ee3595cd862dbb82648aa9ebf17d41ceb05f912e50493d9ba96acb9a4
SHA3-384 hash: f98a9e31f276c15328dc2aa77b06b87fb4022b855b303ca48363d4e2a88c1a5989b6e526a36b5e9b0f9cb2711a14a155
SHA1 hash: 1c273f4e329c5527625a75fcb9488522e9c555e0
MD5 hash: d79ab901b334ecfec1320778fdd507c5
humanhash: xray-two-enemy-stairway
File name: 20210610_id068aa.dll
Signature: TrickBot
File size: 471'040 bytes
First seen: 2021-06-10 20:10:34 UTC
Last seen: 2021-06-10 20:47:12 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 138b75389ce3822d86ad7f6cfbebc40d (2 x TrickBot)
ssdeep: 12288:ctDlVPn5ZvJvxc3DmEAdLXcppE/XhtvWQ:8n5Z/E5kPhtvWQ
Threatray: 772 similar samples on MalwareBazaar
TLSH: 7CA4D01372A4C075D39F02314E636B7AB6B5FD508F70CA9B5794DF5D0E32A818D2A32A
Reporter: ffforward
Tags: BazarCall dll mon311 TrickBot

Intelligence


File Origin
# of uploads: 2
# of downloads: 295
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching a process
Sending a custom TCP request
DNS request
Sending an HTTP GET request
Forced shutdown of a system process
Unauthorized injection to a system process
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: clean
Classification: n/a
Score: 7 / 100
Behaviour
Behavior Graph:
n/a
Result
Malware family: trickbot
Score: 10/10
Tags: family:trickbot botnet:mon311 banker trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Looks up external IP address via web service
Trickbot
Malware Config
C2 Extraction:
Unpacked files
Detections:
win_trickbot_a4 win_trickbot_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

Comments