MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8cd9ff6a88e32c22bc217df94c45075bc145f0263d0e151180fe9651d8826e57. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	8cd9ff6a88e32c22bc217df94c45075bc145f0263d0e151180fe9651d8826e57
SHA3-384 hash:	abc0b79c7170a2d0c1d70926b91ae81cb0273bbe9bf595587b6374a0af0fff35ecfd97c5a2b953c983e59c6c84d685f3
SHA1 hash:	781d0d11cd24f6fb9e4f2702b93cd07ac8c95416
MD5 hash:	ce30c86ce0159732627af4b34305f291
humanhash:	orange-four-ink-ten
File name:	SecuriteInfo.com.Trojan.Heur.D.GQW@d8SdqDli.7355.16546
Download:	download sample
Signature	TrickBot Create hunting rule
File size:	2'632'192 bytes
First seen:	2020-05-14 22:35:15 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f70b11599e76d53849b96c7bb204c3be (1 x TrickBot)
ssdeep	49152:fXEkYsbw32OibC1XXInAr4zT1puIcjCEJvW9Gd0YblAtZOAeMczPThNVS:fUibwGOG6oArG1puYJ9GdRRlA2lj
Threatray	1'031 similar samples on MalwareBazaar
TLSH	94C53380C2C05C23C5DCA97DD693BE4C3C43B7E0ED635A916F6A5A4E89EF9090B0F665
Reporter	SecuriteInfoCom
Tags:	TrickBot

Intelligence

File Origin

# of uploads :

1

# of downloads :

85

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.Heur.D.GQW@d8SdqDli.7355.16546.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Malrep

Status:

Malicious

First seen:

2020-05-14 23:35:24 UTC

File Type:

PE (Exe)

Extracted files:

1

AV detection:

24 of 31 (77.42%)

Threat level:

2/5

Verdict:

malicious

Label(s):

trickbot

Similar samples:

33ffacc3e517f4f1dad47f1ca28d26188e202d5e2e300e1e71bc0a57e682292a

389875d4c35ff8da276f122cb6b4ebd1b1d65ce5da5c05defefaf40c2609dbaf

433811102726bc15416ca338a2df55ec1daaf3f2565ee00d7f6484064746fb30

610ef8befe605dd4ba3277c221c25932ffd6e1b939728da70ebd0d1b96fddaa4

7c2bcbc90aad473e93b52051f11b1c1d8f3d9436b7d95b49e1ca4c7c835b0115

9b2ad325e0cda26d0cd3769bea307050581d5c38d40d1281ff7e6b56420369cd

b56f704d8baea24179931e0f4efe389e4fb6175c7fb83c49d31aac5ab1e00a03

d6ba040d10d1fb8e0f6a8b1d5378be566f6d3816bf1a00fb3e0bb6eed29346b2

daac1aafd4f0f7b1e1e0112e913285543d73179216bc42cdf67036dae67955f0

e9e9a0314ec1302997e3382807436f43a70e0dc2c165aafa6b5b8f3856d04d0d

+ 1'021 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

9/10

Tags:

evasion trojan spyware

Link:

https://tria.ge/reports/201109-jmm4mhkzea/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks whether UAC is enabled

Looks up external IP address via web service

Checks BIOS information in registry

Reads user/profile data of web browsers

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 8cd9ff6a88e32c22bc217df94c45075bc145f0263d0e151180fe9651d8826e57

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/362731/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample