MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9e746625abad522321067f546c40e8b26176ef5585bf3a45cb58ff758738f68c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 4



SHA256 hash: 9e746625abad522321067f546c40e8b26176ef5585bf3a45cb58ff758738f68c
SHA3-384 hash: cd824f063a8a5af761f795156c508710ac9e87d8e1c10a8ef0197870664943c229f7cdd938371cde5bfade7f7c93e95a
SHA1 hash: 42d281abeb10649bff097504f20e8fc2c8e85f5c
MD5 hash: 4df84f8de8a5526f119c26518b529757
humanhash: thirteen-lion-uranus-tennis
File name: newbuer.exe
Signature: TrickBot
File size: 114'648 bytes
First seen: 2020-05-18 15:42:18 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e9c0657252137ac61c1eeeba4c021000 (53 x GuLoader, 26 x RedLineStealer, 17 x AgentTesla)
ssdeep: 3072:3omnzVincQDKgcTDLrZbJFTAVpn4eqlXUx4d+hklhdg:3tZHhDm4eqNUx4ohklQ
Threatray: 138 similar samples on MalwareBazaar
TLSH: E3B3F1532B9068A7DDB60BB018FAEA35DFB8BE11259986470314B5593EB33C14C1E3B7
Reporter: James_inthe_box
Tags: exe TrickBot

Code Signing Certificate

Organisation: AddTrust External CA Root
Issuer: AddTrust External CA Root
Algorithm: sha1WithRSAEncryption
Valid from: May 30 10:48:38 2000 GMT
Valid to: May 30 10:48:38 2020 GMT
Serial number: 01
Intelligence: 363 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Central Blocklist: This certificate is on the Cert Central blocklist
Thumbprint Algorithm: SHA256
Thumbprint: 687FA451382278FFF0C8B11F8D43D576671C6EB2BCEAB413FB83D965D06D2FF2
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 93
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Tinynuke
Status: Malicious
First seen: 2020-05-15 15:47:10 UTC
File Type: PE (Exe)
Extracted files: 2
AV detection: 22 of 31 (70.97%)
Threat level: 2/5
Result
Malware family:
Score: 10/10
Tags: family:buer loader persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
NSIS installer
Program crash
Suspicious use of SetThreadContext
Enumerates connected drives
Deletes itself
Loads dropped DLL
Executes dropped EXE
Buer Loader
Buer
Modifies WinLogon for persistence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
