MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c98b7b275bf404b2e20641f7802e686e8a64b7aa72e1ec0152cf03667daea2be. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 7



SHA256 hash: c98b7b275bf404b2e20641f7802e686e8a64b7aa72e1ec0152cf03667daea2be
SHA3-384 hash: cfc5536bf8f4af4d34f2254163254e1406875d1e92b7e0336a366ed3175182e69a065e3c0751838fd41e7f306aea2672
SHA1 hash: 7c9ff4a71756b6d8329183294669aabab59195ee
MD5 hash: 5e138a79931adc0c76b0b6ae46d90433
humanhash: april-wyoming-mississippi-earth
File name: e21f86a0329f9fca7eb0492f22d76125
Signature TrickBot
File size: 614'400 bytes
First seen: 2020-11-17 14:46:07 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 8d30e57c6a35a6f8994c5967f3d6d712 (4 x TrickBot)
ssdeep 12288:kFBfWwcRr/SjzTPMPpWygb2xglS/ORfEGT9cpPFTj:GzyzxglSVy2pPFTj
Threatray 6'559 similar samples on MalwareBazaar
TLSH D9D46C135DAD65E0E15205305E3A5F65283BBC263850EA4BD7A0BD6CE873783E8B532F
Reporter seifreed
Tags: TrickBot

Intelligence


File Origin
# of uploads: 1
# of downloads: 198
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware

Behaviour
Sending a UDP request
Creating a window
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Connection attempt
Unauthorized injection to a system process
Threat name: Win32.Trojan.TrickBot
Status: Malicious
First seen: 2020-11-17 14:46:58 UTC
AV detection: 25 of 28 (89.29%)
Threat level: 5/5
Result
Malware family: trickbot
Score: 10/10
Tags: family:trickbot botnet:lib7 banker trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Loads dropped DLL
Executes dropped EXE
Trickbot
Malware Config
C2 Extraction:
Unpacked files
SHA256 hash:
c98b7b275bf404b2e20641f7802e686e8a64b7aa72e1ec0152cf03667daea2be
MD5 hash:
5e138a79931adc0c76b0b6ae46d90433
SHA1 hash:
7c9ff4a71756b6d8329183294669aabab59195ee
SHA256 hash:
234e80062c3071b002edd4c9ddccb1781fd9cd1d1f5b011f223ca64dcc3c323a
MD5 hash:
0742a066a92f5940a2a5fd8ccf035519
SHA1 hash:
635f56dfe2fdee72f43648f5e350ccb93f504517
Detections:
win_trickbot_auto
SHA256 hash:
e4ffade6a267935b4f699cbe9de7b4d716edb735f3fd52434dc7c62c0aa570ff
MD5 hash:
949ffd4f39b63905165149fdfbc2a855
SHA1 hash:
1269c4afeaa03297558e3e793a624885eff46daa
Detections:
win_trickbot_a4 win_trickbot_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
