MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9e91c4019c91b12e04bff20bf3418ddb84e29ff54f275293b1cec9688ba18441. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TrickBot


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9e91c4019c91b12e04bff20bf3418ddb84e29ff54f275293b1cec9688ba18441
SHA3-384 hash: f5d5847b4daf27fff9ce8f3b88d4a05648584bd3f5a623aa9eb59e587e78ca3c307e69c77b2b885ffb713efc36eb7ddc
SHA1 hash: 2713ab53a0488134e35e74a9e802cf5781074102
MD5 hash: f856ddf2a166ec27c96922e0769d04dd
humanhash: hamper-oranges-orange-delaware
File name:SecuriteInfo.com.Generic.mg.f856ddf2a166ec27.30505
Download: download sample
Signature TrickBot
Create hunting rule
File size:454'656 bytes
First seen:2020-04-10 16:48:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 39be55723ce6071649311bd1845b8050 (1 x TrickBot)
ssdeep 6144:jfxj/cx7YRRVLpEDyyCrKNdHbC8cBpj7XuRC6K7NoA9e+:jfB/cx7YPf2yrqd714pj7XuAoA
Threatray 2'952 similar samples on MalwareBazaar
TLSH 2BA4C073659285B2E0860C3282474F75F7A0BD114B2561C7DB983B1DEA34FF49A327AB
Reporter SecuriteInfoCom
Tags:TrickBot

Intelligence

File Origin
# of uploads :
1
# of downloads :
106
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Armadillo-65
Create hunting rule

Win.Malware.Emotet-7665448-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Trickbot
Create hunting rule
Status:
Malicious
First seen:
2020-04-10 14:13:16 UTC
File Type:
PE (Exe)
Extracted files:
18
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=t2i4iam4sgys4bf76if7gqmn3ocofh7vj4tvfe5rz3ewrc5bqraq._file
Verdict:
malicious
Label(s):
trickbot
Create hunting rule
Similar samples:
0d62ddbeb425b5b4715637866e4c4e6736909b15ba6360f0ecc68f8ae5da689f
TrickBot
45eb4fc349af6db90f7938853326c0b6f7ce4c2119bb873a449a0128dc1cc370
TrickBot
4dc82acf2a736e9cbaa39b5decfa943177417ad88d995ebe7fba79d9d0579849
TrickBot
546ba5ce0a83d3dbc31ee21e174438c9e3794834de8d11a47f04f1ce005cd67d
TrickBot
a0ab7c82f1f4e27192e6b3bef72275bb815dbb24c2d27d02a06ea6862546e7d6
TrickBot
aa8c5489d66d4c8281df1590641f32468dfa0429ff90d1183306f0a81b9915bb
TrickBot
babaa5f246f5b57fc0a02d081f9058990b3069f2bfe683e98b663a86f4b8752d
TrickBot
ccdc04adce0627519bf39c6491765a6c61b1ee62e188e4a329aee529623c92b8
TrickBot
d494077303e7a373e64379d2b7bb80695809d3c9c64c993d324775f33d8b798a
TrickBot
f4001d5fcb0c67c66b6c2df8f1b1bf173b9b25277c72916105b424137bc90a9b
TrickBot
+ 2'942 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

TrickBot

Executable exe 9e91c4019c91b12e04bff20bf3418ddb84e29ff54f275293b1cec9688ba18441

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/337941/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CloseHandle
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::GetSystemInfo
KERNEL32.dll::GetStartupInfoA
KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::SetConsoleCtrlHandler
KERNEL32.dll::SetStdHandle
WIN_USER_APIPerforms GUI ActionsUSER32.dll::CreateWindowExW

Comments