MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df220d6e6d61d0cbad830bc74e1767a09285cbd009803e8af25ddf2901fb21c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	df220d6e6d61d0cbad830bc74e1767a09285cbd009803e8af25ddf2901fb21c8
SHA3-384 hash:	af680f3d7ee0f24a3478f10112ee3849ee6f6cc86fe2b20120d5c74c34050da2e3bd986fe6addea680094983c096161d
SHA1 hash:	d339f3ca55dd7408b2dd13b26b0b950e18c62abe
MD5 hash:	d8cc76df2a3e20314ec2a8d91f69e9d0
humanhash:	michigan-london-delaware-florida
File name:	virussign.com_d8cc76df2a3e20314ec2a8d91f69e9d0
Download:	download sample
Signature	TrickBot Create hunting rule
File size:	466'944 bytes
First seen:	2022-07-15 17:29:33 UTC
Last seen:	2024-07-24 22:15:08 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	58471b8a9f8702d1a9e4838d7b7d501a (9 x TrickBot, 5 x Mansabo)
ssdeep	6144:zJB0PLonpe1h5nxJ48INpUubY3DNtjKh2ClmoyZ07rJi6dSM1twTrmRGwY8kh0+T:zJB0lh7r6bIj22CAoyerJVbtqeY89bsz
TLSH	T123A44C2DEB247969F15309B576002A9B3C918D385293DF46EB4689CDB401EE3F2F532B
TrID	54.4% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 18.3% (.EXE) Win64 Executable (generic) (10523/12/4) 8.7% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.8% (.EXE) Win32 Executable (generic) (4505/5/1) 3.5% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter	KdssSupport
Tags:	exe TrickBot

KdssSupport

Uploaded with API

Intelligence

File Origin

# of uploads :

# of downloads :

380

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

virussign.com_d8cc76df2a3e20314ec2a8d91f69e9d0

Verdict:

Suspicious activity

Analysis date:

2022-07-15 21:32:18 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/a9b902d8-a3dc-450d-ac73-5f48d033c579

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/290662/

Detection(s):

Win.Malware.Mansabo-7102049-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a window

Sending a custom TCP request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/62d1a4798dab2096b99f60ef/reports/b74ee89e-db3d-42a7-8027-e63911de157c/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1033070

Signature

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/df220d6e6d61d0cbad830bc74e1767a09285cbd009803e8af25ddf2901fb21c8/

Threat name:

Win32.Spyware.TrickBot

Status:

Malicious

First seen:

2022-07-13 17:06:44 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

25 of 26 (96.15%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=34ra23tnmhimxlmdbpdu4f3hucjils6qbgad5cxslxpssap3ehea._file

Verdict:

malicious

Label(s):

trickbot

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/220715-v264jsdbd7/

Behaviour

Suspicious use of SetWindowsHookEx

Unpacked files

SH256 hash:

df220d6e6d61d0cbad830bc74e1767a09285cbd009803e8af25ddf2901fb21c8

MD5 hash:

d8cc76df2a3e20314ec2a8d91f69e9d0

SHA1 hash:

d339f3ca55dd7408b2dd13b26b0b950e18c62abe

Link:

https://www.unpac.me/results/e5abbe6c-d854-476b-9d58-6cf750bb31bf/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.16

Link:

https://yomi.yoroi.company/submissions/df220d6e6d61d0cbad830bc74e1767a09285cbd009803e8af25ddf2901fb21c8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

TrickBot

exe df220d6e6d61d0cbad830bc74e1767a09285cbd009803e8af25ddf2901fb21c8

(this sample)

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/290662/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample