MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 95a4cf409c7e7813bfa744598bee2e0e572b2d05ec31622867237ea6dab8a813. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 4



SHA256 hash: 95a4cf409c7e7813bfa744598bee2e0e572b2d05ec31622867237ea6dab8a813
SHA3-384 hash: 0f971eab6035017320c25683c7f15b9ad7f032503c38a09d1af71aee05b7a59b84d0de605e48e5a80d76765376096efb
SHA1 hash: 2a3f861726445ee20790d65b4e71c4c99a625ae1
MD5 hash: e116b79051afda3b8b39ea718eacf2d2
humanhash: earth-equal-seventeen-finch
File name: SecuriteInfo.com.Generic.mg.e116b79051afda3b.25526
Signature: TrickBot
File size: 210'944 bytes
First seen: 2020-06-25 12:39:22 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 18a6d8cc489424dd8b647b4522075b49 (2 x ArkeiStealer, 1 x SystemBC, 1 x TrickBot)
ssdeep: 3072:3LtB3ETlHLkUwhIn1vRl8SCp36+ASSVGngJYSLY1Rtch2OPEZY3XV4G/XK/ksX7:3Ad32In1vR+JASGJHMN2RP20XyGC/
Threatray: 106 similar samples on MalwareBazaar
TLSH: A324BE1A37F1C27ED0A70E309C61F6A01A7BFC716626415B235E223F2D713F09A69796
Reporter: SecuriteInfoCom
Tags: TrickBot

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Creating a file in the %temp% directory
Creating a file in the %AppData% directory
Enabling the 'hidden' option for recently created files
Sending an HTTP POST request
Sending an HTTP GET request
Creating a process from a recently created file
Creating a file
Deleting a recently created file
Running batch commands
Launching a process
Using the Windows Management Instrumentation requests
Connection attempt to an infection source
Deleting of the original file
Enabling autorun with Startup directory
Threat name: Win32.Ransomware.ObfusCrypt
Status: Malicious
First seen: 2020-06-25 10:14:00 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
