MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e2f38f9e1a1a443f3cae29cba1c5badb2d23453e782ed5fdb972be4507a873de. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 5



SHA256 hash: e2f38f9e1a1a443f3cae29cba1c5badb2d23453e782ed5fdb972be4507a873de
SHA3-384 hash: 5ec4d59fcd75d2407f9ce7d550f2c660d7dcd3f2d11ea7e6b8159465f8c70a41f7bf8b5ae9095a8dfaad12ac02a41153
SHA1 hash: 09a054c75d0f1b02ed501b5f2e0a96ed082398d8
MD5 hash: a1f50fb45461716ed4eed11ff6979122
humanhash: lithium-lake-asparagus-delta
File name: 269Omjnb5.exe
Signature: TrickBot
File size: 651'446 bytes
First seen: 2020-03-19 15:39:46 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a25d85a8a983370c0fce999508428f20 (1 x TrickBot)
ssdeep: 6144:6eaJFJLRBDL5A04nKmLKICZkR2i9uwrdn52+1CYO/QPlFYeUu0mYJ1VYp:6bJT574nUuR2i9uInt9PPYeUuo1VYp
Threatray: 3'315 similar samples on MalwareBazaar
TLSH: CFD43A616C05E232D9B08138C597E6FD551BBF33E4019D0BA4C1FDE734BAA93AD9122E
Reporter: abuse_ch
Tags: COVID-19 exe TrickBot

Intelligence


File Origin
# of uploads: 1
# of downloads: 120
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-03-20 03:30:23 UTC
AV detection: 27 of 30 (90.00%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

f7457a5a9a8443af26022ef6d683aae0

TrickBot

Executable exe e2f38f9e1a1a443f3cae29cba1c5badb2d23453e782ed5fdb972be4507a873de (this sample)

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::__vbaSetSystemError, MSVBVM60.DLL::__vbaExitProc, MSVBVM60.DLL::__vbaObjSetAddref, MSVBVM60.DLL::EVENT_SINK_AddRef, MSVBVM60.DLL::__vbaFileOpen, MSVBVM60.DLL::__vbaLateMemCallLd
