MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 977d8d7161f6ffea911d7eeb9f7467510a9a0db73197cbbb019b6251dcf92b0c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 7



SHA256 hash: 977d8d7161f6ffea911d7eeb9f7467510a9a0db73197cbbb019b6251dcf92b0c
SHA3-384 hash: 1ec7aa4fafb28288e25cdbae2925bdd4fae90e2b33145bd24c9a3f7de87eee43fa756a34abf156080b1d0eab1495ccf5
SHA1 hash: 90c945b10e55c25853f393ae54bcabdfede8fa81
MD5 hash: 59624e5c44a36a6510d460ee30d4ddd1
humanhash: mountain-shade-yankee-papa
File name: 977d8d7161f6ffea911d7eeb9f7467510a9a0db73197cbbb019b6251dcf92b0c
Signature: TrickBot
File size: 168'448 bytes
First seen: 2020-10-24 21:04:51 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: b18165f47b336aa7324c61f11fb04e4f (1 x TrickBot)
ssdeep: 3072:8ohUhe4Vs7MLvSX+eV8DeyqGPRl2V1jInZHrDOjmM+VqYgQ6+:8oihe4GqvSX+C8DeyqeRM1jInZH/bM+v
TLSH: 61F36C22F560C076D49610B4A7F53A5EDAE88B31435DA4C3A7C42CA46AE49E2FF3C357
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 99
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name: Win32.Trojan.Totbrick
Status: Malicious
First seen: 2018-09-11 03:27:54 UTC
AV detection: 36 of 46 (78.26%)
Threat level: 5/5
Verdict: malicious
Label(s): trickbot
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SHA256 hash: 977d8d7161f6ffea911d7eeb9f7467510a9a0db73197cbbb019b6251dcf92b0c
MD5 hash: 59624e5c44a36a6510d460ee30d4ddd1
SHA1 hash: 90c945b10e55c25853f393ae54bcabdfede8fa81
Detections: win_trickbot_a4 win_trickbot_auto
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
