MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c2d499169a652c5c86ef28b7dca25f23e986bdd93b23fe02115923f698d61b58. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TrickBot


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c2d499169a652c5c86ef28b7dca25f23e986bdd93b23fe02115923f698d61b58
SHA3-384 hash: aa656ce3534882ebef0747af98acd9a03fc5caf7fbb94fe3cf401b05a8cce30e67f1de935c3e07e7fe62e15dc96ae6fa
SHA1 hash: 315e6003573a5a2fe0b7b78a5916c39763442cb0
MD5 hash: 2d53fad08885e0b272f4d6084bf5bc84
humanhash: black-white-violet-mockingbird
File name:SecuriteInfo.com.Trojan.Trick.46529.12919.23884
Download: download sample
Signature TrickBot
Create hunting rule
File size:700'467 bytes
First seen:2020-03-18 10:04:56 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash facac38a79f5f77491948b84ce8584cc (11 x TrickBot)
ssdeep 12288:M5ba2SroKa5pwYM30A25cyDbXHELnUilfe0iLl5hCWc12jT7qjcuoq:iSfaM30A25AlGt55gWpvujN
Threatray 3'270 similar samples on MalwareBazaar
TLSH 16E47C2666347423D1D244714EAAD378AD28BCD261426C4F3DC1BD0867B3C93B9B5EEE
Reporter SecuriteInfoCom
Tags:TrickBot

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Trick.46529.12919.23884.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Trickbot
Create hunting rule
Status:
Malicious
First seen:
2020-03-19 03:56:14 UTC
AV detection:
21 of 45 (46.67%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
trickbot
Create hunting rule
Similar samples:
04e5c465f8681e4304b463790bc5a91ba211275fcab82083289d2b2e66ad656e
TrickBot
34df4fec6798befd9aa30d72fe35f258f36e70e787cc1a8554de86ba8632a312
TrickBot
497eebb26dbf500508b344dec05bbadb1e0421d77be6defc150bce9f88ea37b9
TrickBot
764553cbeade2cc41c018b08fb22381a32a6c475b86353458d8fbc1aab86afeb
TrickBot
76edf0ebea99cf07ff5bb900193c4efa05e971c2bc2097ec70d5e54ad7b3dce8
TrickBot
839fed416da07d973bd32504c2d27f69abf4a559d168393564fe2a39385f734f
TrickBot
994fd48ea6b10406fa09e59321321d2e06a7ff42d432fd0e6ed7e63ef4367eff
TrickBot
da995f78d6ba4f7acab4a421e759cc15d2a3b8ca5549edd76605252e410d65ac
TrickBot
e2f38f9e1a1a443f3cae29cba1c5badb2d23453e782ed5fdb972be4507a873de
TrickBot
f8b31cf177d5a4de939ee8c19d629df9548ac33721c47c66d71bc376922ec259
TrickBot
+ 3'260 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c2d499169a652c5c86ef28b7dca25f23e986bdd93b23fe02115923f698d61b58

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaSetSystemError
MSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd

Comments