MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d314ff883243444f1853614759a5ec7af96a1829cebdeaa283fc1051e4261ffa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 7



SHA256 hash: d314ff883243444f1853614759a5ec7af96a1829cebdeaa283fc1051e4261ffa
SHA3-384 hash: 1764b238e8d83f3eba65d0c334a647dded232897e187dca60eadbe04ec167c140d5b706ea826659329b47215b3596208
SHA1 hash: 205bb2b2cb984043164a7b3826e5f28a8ab1957f
MD5 hash: 625fe668474594ebfb5275f84d05e4b7
humanhash: skylark-april-network-bluebird
File name: ContactManager.bin
Signature: TrickBot
File size: 360'448 bytes
First seen: 2020-10-22 07:01:09 UTC
Last seen: 2020-11-25 17:16:17 UTC
File type: DLL (dll)
MIME type: application/x-dosexec
imphash: fe66329a80f546b0e7838999bff3bed4 (1 x TrickBot)
ssdeep: 6144:eFWcYF+YTtTxHyNFpJIOADDYPrLcstLelZSgWGJcUCTmYowoe:eFvYB5ty12OADDYDLcstLelZM0caYoS
Threatray: 10'026 similar samples on MalwareBazaar
TLSH: 1C74E00572928834FC8D0D7A4F461B394F3ABC948FB5C6876BE0368D5EB2BD0BD29506
Reporter: JAMESWT_WT
Tags: dll TrickBot

Intelligence


File Origin
# of uploads: 3
# of downloads: 140
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
Launching the default Windows debugger (dwwin.exe)
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 56 / 100
Signature
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph (ID 302546; sample: ContactManager.bin; start date: 22/10/2020; architecture: WINDOWS; score: 56)
Signatures: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Multi AV Scanner detection for submitted file
Process tree: loaddll32.exe -> cmd.exe -> iexplore.exe -> iexplore.exe; loaddll32.exe -> regsvr32.exe -> WerFault.exe
Network activity (from iexplore.exe): tls13.taboola.map.fastly.net (151.101.1.44, port 443, source ports 49731 and 49732; FASTLYUS, United States); www.msn.com; 7 other IPs or domains
Threat name: Win32.Trojan.TrickBot
Status: Malicious
First seen: 2020-10-22 06:42:33 UTC
File Type: PE (Dll)
Extracted files: 30
AV detection: 18 of 29 (62.07%)
Threat level: 5/5
Result
Malware family: trickbot
Score: 10/10
Tags: trojan banker family:trickbot
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Looks up external IP address via web service
Trickbot
Malware Config
C2 Extraction:
103.127.165.250:449
103.109.78.174:449
199.38.120.89:449
103.206.128.121:449
199.38.120.91:443
199.38.121.150:443
199.38.123.58:443
208.86.162.215:443
208.86.161.113:443
208.86.162.241:443
Unpacked files
SHA256 hash: d314ff883243444f1853614759a5ec7af96a1829cebdeaa283fc1051e4261ffa
MD5 hash: 625fe668474594ebfb5275f84d05e4b7
SHA1 hash: 205bb2b2cb984043164a7b3826e5f28a8ab1957f

SHA256 hash: 10f47054dc04f16a65a36011b2a0e154eca55f7abf54395974347ccb6b27c22d
MD5 hash: 600c57d74ce50cbb9da6f42865d6f39a
SHA1 hash: 1909c756745fed077149f8f36893d81df50517e1
Detections: win_trickbot_a4

SHA256 hash: 09a9f9f16d2d3dabe6530a1189181b1475c9606da6161a030ca6d6467392c735
MD5 hash: a9a8c90713306285948b45dd382c2fe8
SHA1 hash: 659799ba7c2e313bd258f418ef32d11e6d709802
Detections: win_trickbot_a4 win_trickbot_auto

SHA256 hash: e981356499a21959b50bee39bcd8e4b75daaf571ac7d86354cb32d05ab0e63c9
MD5 hash: 3300cf72642cdf63fa56f578581b0ff7
SHA1 hash: 9c353dbaf3d41e131293deac10a17d408b8c4cec
Detections: win_trickbot_a4
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments