MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 994fd48ea6b10406fa09e59321321d2e06a7ff42d432fd0e6ed7e63ef4367eff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TrickBot


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 994fd48ea6b10406fa09e59321321d2e06a7ff42d432fd0e6ed7e63ef4367eff
SHA3-384 hash: 49f6a11bd5ae05bdaace8a6af3fa5e09dbb27664a9a6099ba3cd8d15b93008f7c9bb7ec236d5d9745b93de3fd9de8d1e
SHA1 hash: dc381b153442249a55f96530d53694b62ce6f6c8
MD5 hash: 8c97c3a8551f1d4a1112166a0aede670
humanhash: network-orange-arkansas-carpet
File name:994fd48ea6b10406fa09e59321321d2e06a7ff42d432fd0e6ed7e63ef4367eff
Download: download sample
Signature TrickBot
Create hunting rule
File size:696'371 bytes
First seen:2020-06-03 15:04:34 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash facac38a79f5f77491948b84ce8584cc (11 x TrickBot)
ssdeep 12288:m5ba2SroKa5pwYM30A25cyDbXHELnUiahcjFW3iont6RTKy:cSfaM30A25AakFWyMt+l
Threatray 594 similar samples on MalwareBazaar
TLSH A5E46C2A65346423D1D244718DA6D378ED28BCD271826C4F3DC1BD0927B3C92B9B5EEE
Reporter raashidbhatt
Tags:TrickBot

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Trickbot
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 11:31:00 UTC
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tfh5jdvgwecan6qj4wjscmq5fydkp72c2qzp2dto27td55bwp37q._file
Verdict:
malicious
Similar samples:
04e5c465f8681e4304b463790bc5a91ba211275fcab82083289d2b2e66ad656e
TrickBot
34df4fec6798befd9aa30d72fe35f258f36e70e787cc1a8554de86ba8632a312
TrickBot
3be8cc6685249b115400224c229d5f1a39b310aa13869bbdcfffd7fcb9fc8b01
TrickBot
497eebb26dbf500508b344dec05bbadb1e0421d77be6defc150bce9f88ea37b9
TrickBot
53c3c318e161d8df1edb9501a68db93b29347178e49a062b6792b3da706a6834
TrickBot
76edf0ebea99cf07ff5bb900193c4efa05e971c2bc2097ec70d5e54ad7b3dce8
TrickBot
839fed416da07d973bd32504c2d27f69abf4a559d168393564fe2a39385f734f
TrickBot
c2d499169a652c5c86ef28b7dca25f23e986bdd93b23fe02115923f698d61b58
TrickBot
da995f78d6ba4f7acab4a421e759cc15d2a3b8ca5549edd76605252e410d65ac
TrickBot
f8b31cf177d5a4de939ee8c19d629df9548ac33721c47c66d71bc376922ec259
TrickBot
+ 584 additional samples on MalwareBazaar
Result
Malware family:
trickbot
Create hunting rule
Score:
  10/10
Tags:
family:trickbot botnet:tot698 banker trojan
Link:
https://tria.ge/reports/201109-2lqe5kfhan/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Executes dropped EXE
Trickbot
Malware Config
C2 Extraction:
5.182.210.226:443
192.210.226.106:443
51.254.164.244:443
45.148.120.153:443
195.123.239.67:443
194.5.250.150:443
217.12.209.200:443
185.99.2.221:443
51.254.164.245:443
185.62.188.159:443
46.17.107.65:443
185.20.185.76:443
185.203.118.37:443
146.185.253.178:443
185.14.31.252:443
185.99.2.115:443
172.245.156.138:443
51.89.73.158:443
190.214.13.2:449
181.140.173.186:449
181.129.104.139:449
181.113.28.146:449
181.112.157.42:449
170.84.78.224:449
200.21.51.38:449
46.174.235.36:449
36.89.85.103:449
181.129.134.18:449
186.71.150.23:449
131.161.253.190:449
200.127.121.99:449
114.8.133.71:449
119.252.165.75:449
121.100.19.18:449
202.29.215.114:449
180.180.216.177:449
171.100.142.238:449
186.232.91.240:449
181.196.207.202:449
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments