MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a12408a06cdbe8c27e3e0a722527c37ab5d75797b9082de4c847b3652937044f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TrickBot


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a12408a06cdbe8c27e3e0a722527c37ab5d75797b9082de4c847b3652937044f
SHA3-384 hash: 0ae15bb680a97a5c5abed46184241934498cd3c228eaba1652cc174a0a3e2f7d6d6fd20664644ad2195c2524f47a65b2
SHA1 hash: 81ab01b78b34f9ab19e59a2682028a116da7186b
MD5 hash: c35db4201371e178d8d57058cc0df2c5
humanhash: pizza-march-ten-aspen
File name:SecuriteInfo.com.Win32.Injector.ELOQ.8563
Download: download sample
Signature TrickBot
Create hunting rule
File size:196'608 bytes
First seen:2020-04-22 15:10:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3b273032c68b10574f5cba1a95bf7acd (1 x TrickBot)
ssdeep 1536:T/CQ65VENLmxHlxs847cylky+8y6+/zvzxSn6u4YqltVxF/YPlVsLpP:05uwFl4dr9yDwkyKV
Threatray 136 similar samples on MalwareBazaar
TLSH 031418007D34E472C61007703EEACBBAD2A43DE6C9E5955F2040B76EEF7218669A617F
Reporter SecuriteInfoCom
Tags:TrickBot

Intelligence

File Origin
# of uploads :
1
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/2016/
Detection(s):
SecuriteInfo.com.Win32.Injector.ELOQ.8563.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-04-21 19:56:31 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 30 (76.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=uesaridm3pume7r6bjzckj6dpk25ov4xxeec3zgii6zwkkjxarhq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
TrickBot
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
TrickBot
2151298323c73bf6173dc2887e1f50d78d493d3029f3da3b525e48f3aeea5e47
TrickBot
243a2b578261be1f29edf7c38a2c2b034bdf7b05591d5cbd8d386d3b2d003c20
TrickBot
59825608710179356a6809648f78199bce58922841920895d441db2ab64e2da7
TrickBot
5fbfdce7de62ac9f1d5780a1e8a1d980b9c15bda8b45fa30e70bd1974589afe9
TrickBot
a020b1d430a80a59b4578da28132bb4354c44d62095078d8aaa1471361bb4248
TrickBot
a4429d0165e0b0c5e3b7840303bed826a9de8122d824622656d9ae9d6e396eea
TrickBot
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
TrickBot
efb49d2dce05a0e46211758c5907f085ed3ca37a93da268db71cf5dc34e9c52a
TrickBot
+ 126 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

TrickBot

Executable exe a12408a06cdbe8c27e3e0a722527c37ab5d75797b9082de4c847b3652937044f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/348142/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/2016/
Cape
Cape
https://www.capesandbox.com/analysis/2015/
Cape
Cape
https://www.capesandbox.com/analysis/2014/
Cape
Cape
https://www.capesandbox.com/analysis/2013/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments