MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 de064838cb87ab944c6a43f9ccfe42875ec2d4e0de7ecb3d61b92d3dcb44c5a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TrickBot


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: de064838cb87ab944c6a43f9ccfe42875ec2d4e0de7ecb3d61b92d3dcb44c5a9
SHA3-384 hash: eb0c84101549960cad32fb30f3c3f4c4e3ae4e1a2c4b4b689c6861d843f0649c4cfdda1a93be0561b52dbe6667a1352b
SHA1 hash: 68e287522e8d1b0c6a13608a521ba609e8183cf6
MD5 hash: 32b6a866a5d860aa9585ed8cc74e38f4
humanhash: tennessee-johnny-zebra-comet
File name:SecuriteInfo.com.Generic.mg.32b6a866a5d860aa.24931
Download: download sample
Signature TrickBot
Create hunting rule
File size:350'720 bytes
First seen:2020-04-24 08:51:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'753 x AgentTesla, 19'660 x Formbook, 12'250 x SnakeKeylogger)
ssdeep 3072:XG4bHoVmyGxuLngu8xwAvzmUXU9G6Knri/0XBrVBkYZgz:zbmm6vCwA7mBD
Threatray 3'009 similar samples on MalwareBazaar
TLSH 3274086355E97D8EC823F9774D52ABC081727CE21B6916A0887E3FAF18225993743D33
Reporter SecuriteInfoCom
Tags:TrickBot

Intelligence

File Origin
# of uploads :
1
# of downloads :
98
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic.mg.32b6a866a5d860aa.24931.UNOFFICIAL
Create hunting rule

Result
Threat name:
Fastloader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/346522
Behaviour
Behavior Graph:
n/a
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Com
Create hunting rule
Status:
Malicious
First seen:
2020-04-23 16:58:03 UTC
File Type:
PE (.Net Exe)
Extracted files:
5
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3ydeqoglq6vzitdkip44z7scq5pmfvha3z7mwplbxewt3s2eywuq._file
Verdict:
malicious
Label(s):
trickbot
Create hunting rule
Similar samples:
1d548c3158019bf9de332a8fa34dd6d3ae3e4151bb896918eb2fd137860f21da
TrickBot
2d0d08b27eec389f3edd036b4bb4ded2c24500bf53dba2a3a46eb2ecd36105e6
TrickBot
764553cbeade2cc41c018b08fb22381a32a6c475b86353458d8fbc1aab86afeb
TrickBot
99a116f3577e8f8054ceb546f05ef212a5e22a686e462d08e8355522feb70fc5
TrickBot
a49a095ec2f03a00358f4874acf3d574d0d582a52065d1f597d9d83b0eea93ff
TrickBot
c2d499169a652c5c86ef28b7dca25f23e986bdd93b23fe02115923f698d61b58
TrickBot
ccdc04adce0627519bf39c6491765a6c61b1ee62e188e4a329aee529623c92b8
TrickBot
d494077303e7a373e64379d2b7bb80695809d3c9c64c993d324775f33d8b798a
TrickBot
da995f78d6ba4f7acab4a421e759cc15d2a3b8ca5549edd76605252e410d65ac
TrickBot
f8b31cf177d5a4de939ee8c19d629df9548ac33721c47c66d71bc376922ec259
TrickBot
+ 2'999 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

TrickBot

Executable exe de064838cb87ab944c6a43f9ccfe42875ec2d4e0de7ecb3d61b92d3dcb44c5a9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/350437/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (GUARD_CF)high

Comments