MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b2a8e5204ffb2fcf0b469a256a1d3b72618a66ad03ddd256210622bac56bae7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 8



SHA256 hash: 8b2a8e5204ffb2fcf0b469a256a1d3b72618a66ad03ddd256210622bac56bae7
SHA3-384 hash: 802ea9b6969ba3751d4ce4f2eee55800f99b61374358ffa4981f4555b57120e054f5e965a52144fa4b1558364959c015
SHA1 hash: 34c4f2db725db6d4f257159a33aa73ad769ab779
MD5 hash: 4b71dba2a5b69a949bc63e3493f45ad1
humanhash: six-burger-uniform-nineteen
File name: 4b71dba2a5b69a949bc63e3493f45ad1.exe
Signature: TrickBot
File size: 803'551 bytes
First seen: 2020-09-11 05:32:53 UTC
Last seen: 2020-09-11 06:43:54 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 93dc88155a00ae749ca86929ba8dffd0 (23 x TrickBot)
ssdeep: 12288:KbQ5Gmpe+jNBNF8KegmyC+cbGxRt4tIUcOWTFLR3q69zvEQIXE:KcFjZB38KeUC+cbYRt4UB9rhYE
Threatray: 2'871 similar samples on MalwareBazaar
TLSH: 78059E23AD40B44ADA0B0CB15DFD5A7918363C2164156D4BB2D5BE8C2CB2AD36DF932F
Reporter: abuse_ch
Tags: exe TrickBot

Intelligence


File Origin
# of uploads: 2
# of downloads: 271
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching a process
Connection attempt
Unauthorized injection to a system process
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Behaviour
Threat name: Win32.Trojan.TrickbotCrypt
Status: Malicious
First seen: 2020-09-11 05:34:06 UTC
AV detection: 25 of 28 (89.29%)
Threat level: 5/5
Result
Malware family: trickbot
Score: 10/10
Tags: trojan banker family:trickbot
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Looks up external IP address via web service
Trickbot
Malware Config
C2 Extraction:
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

TrickBot

Executable exe 8b2a8e5204ffb2fcf0b469a256a1d3b72618a66ad03ddd256210622bac56bae7

(this sample)

  
Delivery method
Distributed via web download

Comments