MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d36674d4c3214e0b0560c6e172bb1765e085892959472afdda2f1debda84ca9d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	d36674d4c3214e0b0560c6e172bb1765e085892959472afdda2f1debda84ca9d
SHA3-384 hash:	f832d21d01910e1ca7001f34994359a39f9ddab278a0a3c77b3882c7235b0d421f6fd31d160830ac1ee7d13f154ba3f0
SHA1 hash:	36652d1f9864df702f17ec954e46b4e5aff9fc57
MD5 hash:	bb929f1860d2e18dccd0bac3f89228f2
humanhash:	potato-wolfram-aspen-artist
File name:	bb929f1860d2e18dccd0bac3f89228f2.exe
Download:	download sample
Signature	TrickBot Create hunting rule
File size:	185'344 bytes
First seen:	2021-11-01 18:17:32 UTC
Last seen:	2021-11-01 20:06:06 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	653d2db41587e1e0124e6e9c30ca0e11 (2 x TrickBot)
ssdeep	3072:9GSrVqwQITouTpXo/OXu3yUF/pstBaDqwONnct437Bl3N2UL8n:DQwQSl4rCUF/p/uwONct43j92U
Threatray	5 similar samples on MalwareBazaar
TLSH	T15404BE22A6D80455E49BEFBC083B9FB5817DBD666D10C20F727469CF1E32B968D0271B
File icon (PE):
dhash icon	787c78fa87f7e6c4 (16 x Gh0stRAT, 11 x Pikabot, 9 x ManusCrypt)
Reporter	abuse_ch
Tags:	exe TrickBot

Intelligence

File Origin

# of uploads :

2

# of downloads :

276

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

bb929f1860d2e18dccd0bac3f89228f2.exe

Verdict:

No threats detected

Analysis date:

2021-11-01 18:29:08 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/534f693f-d454-40b7-ac46-f690cc74bc23

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/201167/

Detection(s):

SecuriteInfo.com.BackDoor.Siggen2.3620.7222.11425.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/61802f5da9d585e6d53da065/reports/72653c1b-ee0b-4b7f-ae7b-84049970905e/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/a0ae3a5a-3e2c-4e90-9d42-975e22bdc5b5

Result

Threat name:

Unknown

Detection:

malicious

Classification:

troj.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/880657

Signature

Found C&C like URL pattern

Hides that the sample has been downloaded from the Internet (zone.identifier)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Suspicious powershell command line found

Uses schtasks.exe or at.exe to add and modify task schedules

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d36674d4c3214e0b0560c6e172bb1765e085892959472afdda2f1debda84ca9d/

Threat name:

Win32.Trojan.SpyEye

Status:

Malicious

First seen:

2021-10-29 01:30:00 UTC

AV detection:

7 of 28 (25.00%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

6b74dc043f9a12823ed98d704e4c8543c9b5d8b9240e65e9d31d2303ab914906

851b9e416b22c80a435f7d11f0298272ad23a4ae49f6fbe23aafa0578c400bd0

e55e95de03dff2a35cb8304d855c944a5309c56ff8d369af0a542e600faa6808

f5fd02ebd2376fd1bc1ff121e9bfda618755a5c049edc8a4288eb67eb1cc7f9b

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/211101-wxlsgsade7/

Unpacked files

SH256 hash:

d36674d4c3214e0b0560c6e172bb1765e085892959472afdda2f1debda84ca9d

MD5 hash:

bb929f1860d2e18dccd0bac3f89228f2

SHA1 hash:

36652d1f9864df702f17ec954e46b4e5aff9fc57

Link:

https://www.unpac.me/results/777b9268-e43e-4827-9bfb-9bbbdab74688/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/d36674d4c3214e0b0560c6e172bb1765e085892959472afdda2f1debda84ca9d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe d36674d4c3214e0b0560c6e172bb1765e085892959472afdda2f1debda84ca9d

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1722511/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/201167/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample