MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e237d6e3b44c0bcacf4eff59f58c8028a48c0675f283adc96490ae6daf645bd7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TrickBot


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e237d6e3b44c0bcacf4eff59f58c8028a48c0675f283adc96490ae6daf645bd7
SHA3-384 hash: 9aca2abef2d3f7eed6fae9d7893ba85f6c6cbb43b6c0c849c104df2851ba4eacfb62f3ecc3afb88f14bf8a24c3a4a4de
SHA1 hash: a32910f0ed9f1fac4910f4d80205ed3d67864775
MD5 hash: e1be176c3a7dce1b40716862d2da4662
humanhash: tango-winner-foxtrot-kentucky
File name:SecuriteInfo.com.Generic.mg.e1be176c3a7dce1b.27003
Download: download sample
Signature TrickBot
Create hunting rule
File size:210'944 bytes
First seen:2020-06-25 10:52:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash cd17d8c199274f3524272c58aab51673 (1 x ArkeiStealer, 1 x TrickBot, 1 x SystemBC)
ssdeep 3072:3ntBHEThek0w49U1vdE8e61T6X9kR85V6d6Zg3XV4t3SdORCXK/ksX7:3Mk3/9U1vdRj8+dM8Xyx/
Threatray 104 similar samples on MalwareBazaar
TLSH 25249E1B33F2D07FD4664D309D61BAB01A7FBC796626414B235C262F2D302F05A6A75B
Reporter SecuriteInfoCom
Tags:TrickBot

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/14199/
Detection(s):
SecuriteInfo.com.Generic.mg.e1be176c3a7dce1b.27003.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Creating a file in the %temp% directory
Creating a file in the %AppData% directory
Enabling the 'hidden' option for recently created files
Sending an HTTP POST request
Sending an HTTP GET request
Creating a process from a recently created file
Creating a file
Deleting a recently created file
Running batch commands
Launching a process
Using the Windows Management Instrumentation requests
Changing a file
Connection attempt to an infection source
Deleting of the original file
Enabling autorun with Startup directory
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e237d6e3b44c0bcacf4eff59f58c8028a48c0675f283adc96490ae6daf645bd7/
Threat name:
Win32.Ransomware.SodinokibiCrypt
Create hunting rule
Status:
Malicious
First seen:
2020-06-25 10:37:05 UTC
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
trickbot
Create hunting rule
Similar samples:
2b911df18337cc69e42d8c16ab58856af2722c7618146a491c9efe54aa73fdbe
TrickBot
2ba5b16b9ce46066c1122bad1fc5feb3de0743451c6603b98e3d0ffe6f9cc019
TrickBot
7c9eba57cb8262a908dc10929cf38b8e4e0af9f5a3f69bdf226b151761580e91
TrickBot
95a4cf409c7e7813bfa744598bee2e0e572b2d05ec31622867237ea6dab8a813
TrickBot
9b28aa737bbfec90341c6a42e2d44f3308659e4fb9dd42d98a0b46cde7aaed63
TrickBot
cb663a4fa79cb0fcb52c3049b65b1a012c45e72badc13c931fc2c72a8a94dcca
TrickBot
d7a340421f260de130a285233b110130fbccd2f26f1f70fc1600bf2855073017
TrickBot
d95b7c505dbb3905f88c71bb1efedfe716a0d65862a622eb932f3d774a07a740
TrickBot
e7c777cc2838334214d3349178f52cd2fdce9138cbd51de1c62bcc73a3478a4f
TrickBot
e91568f40d148d2bdf04cf14156febbbb0d72e10b876c38d0900e0a66cb8706f
TrickBot
+ 94 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/200625-wylbpjq7gx/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/14199/

Comments