MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 def94d349e3c5637e40dcf603fd7c41d8807f13c0804bea48f1e098fd7629578. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 10



SHA256 hash: def94d349e3c5637e40dcf603fd7c41d8807f13c0804bea48f1e098fd7629578
SHA3-384 hash: 7e3dcf8cda15e7b76f944dccf3679bc9e997f54b1e2858bb298b05d33458134b5f23dac903ada1b2ddfc9482e89b1ef2
SHA1 hash: ef46ced87944f595aa6377e9108054a43df3d439
MD5 hash: e1444cb2351bcb72bc19c034a7525635
humanhash: nitrogen-lemon-glucose-freddie
File name: e1444cb2351bcb72bc19c034a7525635
Signature: TrickBot
File size: 1'882'112 bytes
First seen: 2021-09-10 05:46:04 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 542a8c0c784537b1ec6f0eae4088f47d (4 x TrickBot)
ssdeep: 49152:SVB3Xujk16sb2FX6CzYQsWGAMAsYbGMctIBR:SzXuQ16sb2FX6RnWGJA1GMca
Threatray: 3'929 similar samples on MalwareBazaar
TLSH: T17895F1323AC2C078D12205328A59F76942EEBFB55F3243DB76DC9E1F5A715C1AA36213
dhash icon: cc8a539286e471b2 (4 x TrickBot)
Reporter: zbetcheckin
Tags: 32 exe TrickBot

Intelligence

File Origin
# of uploads: 1
# of downloads: 218
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: e1444cb2351bcb72bc19c034a7525635
Verdict: Suspicious activity
Analysis date: 2021-09-10 05:48:09 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a file in the %temp% directory
Result
Threat name: TrickBot
Detection: malicious
Classification: troj.evad
Score: 76 / 100
Signature
Detected unpacking (changes PE section rights)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Trickbot
Behaviour
Behavior Graph:
Threat name: Win32.Worm.Cridex
Status: Malicious
First seen: 2021-09-10 05:47:22 UTC
AV detection: 8 of 45 (17.78%)
Threat level: 5/5
Result
Malware family: trickbot
Score: 10/10
Tags: family:trickbot botnet:rob130 banker trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Looks up external IP address via web service
Trickbot
Malware Config
C2 Extraction:
65.152.201.203:443
185.56.175.122:443
46.99.175.217:443
179.189.229.254:443
46.99.175.149:443
181.129.167.82:443
216.166.148.187:443
46.99.188.223:443
128.201.76.252:443
62.99.79.77:443
60.51.47.65:443
24.162.214.166:443
45.36.99.184:443
97.83.40.67:443
184.74.99.214:443
103.105.254.17:443
62.99.76.213:443
82.159.149.52:443
Unpacked files
SHA256 hash: c6c2ec8a3bf192f51719ce65b52a68052727100ea9fef10738473c6924381539
MD5 hash: ac3b97e0245389f8c65533eb876add05
SHA1 hash: ee9fd23683946a3e705e2e3128820908de303504
Detections: win_trickbot_auto
SHA256 hash: def94d349e3c5637e40dcf603fd7c41d8807f13c0804bea48f1e098fd7629578
MD5 hash: e1444cb2351bcb72bc19c034a7525635
SHA1 hash: ef46ced87944f595aa6377e9108054a43df3d439
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: TrickBot
File type: Executable exe
SHA256: def94d349e3c5637e40dcf603fd7c41d8807f13c0804bea48f1e098fd7629578 (this sample)

Delivery method
Distributed via web download

Comments

zbet commented on 2021-09-10 05:46:06 UTC

url : hxxp://45.148.121.227/images/readytunes.png