MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 acd7214a4c37bbfd55ea244080769e4c0daf59edb47b3abcddcf5874cdb3054f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TrickBot


Vendor detections: 3


Intelligence 3 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: acd7214a4c37bbfd55ea244080769e4c0daf59edb47b3abcddcf5874cdb3054f
SHA3-384 hash: 2828e0eead849b103e5b1db811627d0587bafd3a26967fb6835eb9068efcbb78ad026bb419234a7e8429dd1ce92e413f
SHA1 hash: b17b32b567f1a600338f61b27f316f893aad195d
MD5 hash: a8653b87fa1d4f73da86fd962e9c4b95
humanhash: crazy-zulu-hotel-artist
File name:x86_1_43652012_Agreement.dll
Download: download sample
Signature TrickBot
Create hunting rule
File size:288'256 bytes
First seen:2020-06-16 10:51:39 UTC
Last seen:2020-06-16 12:14:43 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 17e4bfb4ac66ce20e1019aa57db81690 (1 x TrickBot, 1 x TA505)
ssdeep 6144:BLqHpxvimLFMt8d6dOlTu3vWy/Z47XTQsOZr07AtpXhmL:4H3pLFMOd6l1Rws0Ut5Q
Threatray 87 similar samples on MalwareBazaar
TLSH 7254F13696D2818EF1C809795AF60BD444716F703F1480D32BAA15E9AC789A5FD0FB3B
Reporter JAMESWT_WT
Tags:dll TA505 TrickBot

Intelligence

File Origin
# of uploads :
2
# of downloads :
827
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/10908/
Detection(s):
SecuriteInfo.com.Variant.Mikey.113800.4422.4230.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 10:17:52 UTC
File Type:
PE (Dll)
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
trickbot
Create hunting rule
Similar samples:
0d4f2d354fd2aca85b2719d749eb88c1f444309ae27f3824f0faac8bdbfa4249
TrickBot
4a48467546d08abe1332b9b4684e07156b25681bf808744ab6500a4ff0d28c7b
TrickBot
508d78074875474e25946867b4ad45d4571018cd8026b73730e3cdc632c6c986
TrickBot
5b0334f87cdd0689007412142c2d22e362f252df22eb5ea5b4898710b59e1bb0
TrickBot
674cac26b5ee006a476669c6857e24a8187ef94945d521c8bbe9069ec74494ba
TrickBot
9ad7ce27ce7da3c4b2639771869b20b78fff34f32dab3355c2be2980e708ab07
TrickBot
9dd13e02121ff016438f0540d169df51ac44527eabc4116143d6e0b569dc1f99
TrickBot
c8e25ee1363bbd595f4783537fc1028f427a8ed0d7a1940dab3bd67abfc53f85
TrickBot
ce0f73cf6d1f1ed4fd3e15c7fd70a6581215a93e6a45cdf2e64af68c4c1993af
TrickBot
e35b9feacfba1df802f9ed242775361f4317c22782f4e9e2dddd095577a72487
TrickBot
+ 77 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/200624-msvrmtntks/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_get2_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/10908/

Comments