MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b161eb34e5513131f4b0a4c0318646ed3448122445d7924e03ff5822a6e2d2dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 9



SHA256 hash: b161eb34e5513131f4b0a4c0318646ed3448122445d7924e03ff5822a6e2d2dd
SHA3-384 hash: 4ee0d2fa395e30f963de6f47df425dd2487ba4044cac2fc585b9575de3fc4dd0b1cc181b70e24f445f00f453ab9fcaf3
SHA1 hash: cdcd3bcb11ed490a9603808347455f52a1676ec8
MD5 hash: 48b86834eae4754427c9de930bd9ce90
humanhash: robin-eighteen-alpha-sodium
File name: http___142.11.195.33_images_lovemetertok.png
Signature TrickBot
File size: 557'056 bytes
First seen: 2021-07-22 19:39:26 UTC
Last seen: Never
File type: DLL
MIME type: application/x-dosexec
imphash f3deb6209dc9c95daaecc9f849af840f (12 x TrickBot)
ssdeep 6144:6nhWubOStZ6AbgmgwLp3gUhWeGtLOPc/woVPHma1MXohuPATdTpNSTrbkYW412ph:6nTltgBNwxgUXw/DGaXhu45pI3rep
Threatray 874 similar samples on MalwareBazaar
TLSH T1DFC4CF2235E08577C4EF16345E667778A3FBBD942BF2C147679A891C6D339028B22327
dhash icon 71b119dcce576333 (3'570 x Heodo, 203 x TrickBot, 19 x Gh0stRAT)
Reporter Racco42
Tags: dll PNG TrickBot

Intelligence


File Origin
# of uploads: 1
# of downloads: 203
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 21 / 100
Signature: Initial sample is a PE file and has a suspicious name
Behaviour
Behavior Graph: (image not reproduced)
Threat name: Win32.Trojan.TrickBot
Status: Malicious
First seen: 2021-07-22 19:40:05 UTC
AV detection: 26 of 46 (56.52%)
Threat level: 5/5
Result
Malware family: trickbot
Score: 10/10
Tags: family:trickbot botnet:rob109 banker trojan
Behaviour:
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Looks up external IP address via web service
Trickbot
Malware Config
C2 Extraction:
38.110.103.124:443
185.56.76.28:443
204.138.26.60:443
60.51.47.65:443
74.85.157.139:443
68.69.26.182:443
38.110.103.136:443
38.110.103.18:443
138.34.28.219:443
185.56.76.94:443
217.115.240.248:443
24.162.214.166:443
80.15.2.105:443
154.58.23.192:443
38.110.100.104:443
45.36.99.184:443
185.56.76.108:443
185.56.76.72:443
138.34.28.35:443
97.83.40.67:443
38.110.103.113:443
38.110.100.142:443
184.74.99.214:443
103.105.254.17:443
62.99.76.213:443
82.159.149.52:443
38.110.100.33:443
38.110.100.242:443
185.13.79.3:443
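The extracted C2 list above is only useful once it is matched against traffic. The following Python is an added example, not code from MalwareBazaar or from the sandbox that produced the extraction: it loads the ip:port list exactly as listed, scans a handful of constructed connection-log lines (fabricated for the example, in a simple space-separated flow format that is my own assumption, not any real tool's output) and groups the C2 addresses by /24 so the hosting clusters (38.110.103.0/24, 38.110.100.0/24, 185.56.76.0/24) stand out. Matching is on address first and port second: every entry uses 443, so port alone is worthless as an indicator, while an address hit on a different port is still worth a look.

```python
"""Added example (not MalwareBazaar's or the sandbox vendor's code): turn the
C2 extraction above into an IOC set, scan constructed flow records against it,
and count C2 addresses per /24 network."""
import ipaddress
from collections import Counter

# Copied verbatim from the "C2 Extraction" list above: one ip:port per line.
C2_EXTRACTION = """
38.110.103.124:443
185.56.76.28:443
204.138.26.60:443
60.51.47.65:443
74.85.157.139:443
68.69.26.182:443
38.110.103.136:443
38.110.103.18:443
138.34.28.219:443
185.56.76.94:443
217.115.240.248:443
24.162.214.166:443
80.15.2.105:443
154.58.23.192:443
38.110.100.104:443
45.36.99.184:443
185.56.76.108:443
185.56.76.72:443
138.34.28.35:443
97.83.40.67:443
38.110.103.113:443
38.110.100.142:443
184.74.99.214:443
103.105.254.17:443
62.99.76.213:443
82.159.149.52:443
38.110.100.33:443
38.110.100.242:443
185.13.79.3:443
"""

# Constructed sample flows (not real traffic; format is an assumption):
# timestamp src_ip src_port dst_ip dst_port proto
SAMPLE_CONN_LOG = """\
1626982800.123 10.0.0.5 49152 38.110.103.124 443 tcp
1626982801.456 10.0.0.5 49153 203.0.113.10 443 tcp
1626982802.789 10.0.0.7 49154 185.56.76.28 443 tcp
1626982803.012 10.0.0.7 49155 185.56.76.28 80 tcp
1626982804.345 10.0.0.9 49156 38.110.100.242 443 tcp
"""


def parse_c2_list(text: str) -> set[tuple[str, int]]:
    """Parse 'ip:port' lines into a set of (ip, port); malformed lines are skipped."""
    endpoints = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        host, sep, port = line.rpartition(":")
        if not sep or not port.isdigit():
            continue
        try:
            ip = ipaddress.ip_address(host)  # rejects anything that is not an IP literal
        except ValueError:
            continue
        endpoints.add((str(ip), int(port)))
    return endpoints


def scan_conn_log(log_text: str, c2: set[tuple[str, int]]) -> list[dict]:
    """Return one record per flow whose destination is in the IOC set.

    'exact' means ip:port matched; 'ip-only' means the address is a listed C2
    but the port differs, which still deserves triage but a lower score,
    since the port can change between bot configurations.
    """
    c2_ips = {ip for ip, _ in c2}
    hits = []
    for raw in log_text.splitlines():
        fields = raw.split()
        if len(fields) < 6:
            continue  # not a flow record; ignore rather than crash on junk
        ts, src, _sport, dst, dport, _proto = fields[:6]
        if not dport.isdigit():
            continue
        dport = int(dport)
        if (dst, dport) in c2:
            kind = "exact"
        elif dst in c2_ips:
            kind = "ip-only"
        else:
            continue
        hits.append({"ts": ts, "src": src, "dst": dst, "dport": dport, "match": kind})
    return hits


def c2_by_prefix(c2: set[tuple[str, int]], prefix_len: int = 24) -> Counter:
    """Count C2 addresses per /prefix_len network to expose hosting clusters."""
    counts = Counter()
    for ip, _ in c2:
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        counts[str(net)] += 1
    return counts


if __name__ == "__main__":
    c2 = parse_c2_list(C2_EXTRACTION)
    print(f"{len(c2)} C2 endpoints loaded")
    for hit in scan_conn_log(SAMPLE_CONN_LOG, c2):
        print(hit)
    for net, n in c2_by_prefix(c2).most_common(4):
        print(net, n)
```

Treat the list as time-bounded: the sample was first seen on 2021-07-22 and TrickBot configurations were rotated frequently, so a match on these addresses in current traffic is a lead to confirm, not a verdict, and the address in the original file name (142.11.195.33, which the sanitised name appears to encode as the download host) is a delivery indicator rather than a C2 one.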
Unpacked files
SHA256 hash: 7429e3e9681fdfebc8210a744a9e41c7ad849f7af0c611ee4c272a67cbd44251
MD5 hash: 8c1a2825ab2da0ef39175720516294ca
SHA1 hash: bdba87361cabe6814d5be5c0bb60b68f29b6e98a

SHA256 hash: 59fc89c6cc4e85280791ab15e2e63e64fa4fd971bb57c0e266969bb2dbd9bc9a
MD5 hash: dade50b747b1edd25607b2a6e7caa31a
SHA1 hash: 4d78b173bfd5bdf95d687c3bdfa3f8218e342bf4

SHA256 hash: 8ec4c1b7bd6dc445b04d8d93740bcc72ee3ea94316e321c9fc7b5d77bfd314d5
MD5 hash: 9b49ff370e20a1581da344390b5a1d94
SHA1 hash: 085dd34e7281f8669a1e94001167cecd6c2be741

SHA256 hash: b161eb34e5513131f4b0a4c0318646ed3448122445d7924e03ff5822a6e2d2dd
MD5 hash: 48b86834eae4754427c9de930bd9ce90
SHA1 hash: cdcd3bcb11ed490a9603808347455f52a1676ec8
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
