MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e9b68e43d01d092285e1d109241939a85473ec285448074d0ad0098bc1975550. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 4



SHA256 hash: e9b68e43d01d092285e1d109241939a85473ec285448074d0ad0098bc1975550
SHA3-384 hash: b8b242a629cedca4ff6ef7044c2137f2b59d38bc85e30dd65b32089dce924db58fcf83f9fab35f4b8ae94da2b9de2038
SHA1 hash: 32b0c5eed06e7341157c94dba45837dba2645ca4
MD5 hash: d051a8eeb78373e1293b845651423040
humanhash: lactose-bacon-quebec-asparagus
File name: e9b68e43d01d092285e1d109241939a85473ec285448074d0ad0098bc1975550
Signature: TrickBot
File size: 956'178 bytes
First seen: 2020-03-23 16:21:42 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 30c26c200f67281e268fce2af9fd3bae (1 x TrickBot)
ssdeep: 24576:YkB0D41XcAUF4Mj0egnM6Nss2LyK0C/i95GiBgGit8:U4FcAjUeys2uGizg8
Threatray: 8 similar samples on MalwareBazaar
TLSH: 6B155B29FB8B15F5E61357728A5FE23B9B61BA1A4022FFBFFF4A1A05A4321073C11541
Reporter: Marco_Ramilli
Tags: exe TrickBot

Intelligence

File Origin
# of uploads: 1
# of downloads: 96
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-03-24 03:57:40 UTC
AV detection: 28 of 31 (90.32%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.dll::CloseHandle
WIN_BASE_API | Uses Win Base API | KERNEL32.dll::LoadLibraryW, KERNEL32.dll::GetStartupInfoA, KERNEL32.dll::GetCommandLineA
WIN_USER_API | Performs GUI Actions | USER32.dll::CreateWindowExA

Comments