MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a46358caac50799c82a9cdc45a3718bf519ffe5d32527fdc94843cf7bee487d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 3



SHA256 hash: a46358caac50799c82a9cdc45a3718bf519ffe5d32527fdc94843cf7bee487d8
SHA3-384 hash: e08a189443423bd9ae558601889934fda285a5708e610adaa8edfc69f6464097b82a23f235f84f44ed8d9595935c46a7
SHA1 hash: 2e26535aafd3f1dd601fe5f8bd5cd2483e6b4ada
MD5 hash: cb05f3de501e3ada9d5d0cfa8e10f7be
humanhash: four-uranus-pennsylvania-thirteen
File name: a46358caac50799c82a9cdc45a3718bf519ffe5d32527fdc94843cf7bee487d8
Signature: TrickBot
File size: 1'257'457 bytes
First seen: 2020-03-30 07:06:25 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 87bed5a7cba00c7e1f4015f1bdae2183 (3'034 x Jadtre, 23 x IcedID, 17 x Blackmoon)
ssdeep: 24576:Zqc8niukd8ZWPG59vuKD0u+d6CxXgl7An5zHeA8VNzWZPpUWqQqU8kbh:Zqc8iu7OG7P+MCxXg5A5beA8XzgPpUW7
Threatray: 36 similar samples on MalwareBazaar
TLSH: D945330C4C84E274C4FAAC77DB13D944BD58FE32A7666CB5EA021C9E04DBBE731944A6
Reporter: Marco_Ramilli
Tags: exe TrickBot

Intelligence


File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Onlinegames
Status: Malicious
First seen: 2019-07-10 00:41:15 UTC
File Type: PE (Exe)
Extracted files: 1
AV detection: 29 of 31 (93.55%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download | TrickBot | Executable exe a46358caac50799c82a9cdc45a3718bf519ffe5d32527fdc94843cf7bee487d8 (this sample)

Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
CHECK_TRUST_INFO | Requires Elevated Execution (level:requireAdministrator) | high

Reviews
ID | Capabilities | Evidence
WIN_BASE_API | Uses Win Base API | KERNEL32.DLL::LoadLibraryA
