MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e6d2806dc3d2fa9663130b70eb62946e5d504635a91a42324bcaa8e9762754f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 3



SHA256 hash: e6d2806dc3d2fa9663130b70eb62946e5d504635a91a42324bcaa8e9762754f0
SHA3-384 hash: bead07dc97a1c7bdb54a4eaa0d7b68195dfbac046027559ad87fec170b6f123641d5838599979a5b9dcab4e636fe585e
SHA1 hash: b38473d31f751c0e5193fedc241654be2e516379
MD5 hash: c1f2338746635f245b953a77bd0dae72
humanhash: one-leopard-rugby-double
File name: e6d2806dc3d2fa9663130b70eb62946e5d504635a91a42324bcaa8e9762754f0
Signature: TrickBot
File size: 359'767 bytes
First seen: 2020-06-03 09:40:15 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 5cf8f8970573dd7550aeb1b7e1c9767c (1 x TrickBot)
ssdeep: 3072:xpNMs+Kr1wbWGjl0xjsNNeVKBNVBxKT46xl+wndfIQQOaC3QBn7/hsb2BhGZ1/Nb:xpNMsLWEjsXjBATRpuuwnGD/Nj6a
Threatray: 105 similar samples on MalwareBazaar
TLSH: 90748D1031C1CCB1D0A8193996609FB60D7D6C646F50ACCF3B9E37BE19B43D8AA3566E
Reporter: raashidbhatt
Tags: exe TrickBot

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-03 11:08:41 UTC
AV detection: 30 of 31 (96.77%)
Threat level: 5/5
Result
Malware family: n/a
Score: 6/10
Tags: persistence
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Adds Run key to start application
Enumerates connected drives
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
