MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 edb5656c0d629d11678ee35d6f0b38b3497cd80d00ecd21b2059305dea8052e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	edb5656c0d629d11678ee35d6f0b38b3497cd80d00ecd21b2059305dea8052e5
SHA3-384 hash:	8cd58a1f02d5368a88ea0727cfb1456a2e986b2499e37a2de9dae2c316e1e01396428cb45ef9a61b9eab1e1bb13c480c
SHA1 hash:	eed38d4828f35c0d28bd4ff26031084899dfd333
MD5 hash:	8e3d3f90cb572121809d2945db6b02e6
humanhash:	potato-red-sierra-sixteen
File name:	SecuriteInfo.com.Trojan.GenericKD.45876819.30148.14969
Download:	download sample
Signature	TrickBot Create hunting rule
File size:	305'664 bytes
First seen:	2021-03-11 19:40:46 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	5257b5b96f130223691bf1928cb55d0b (2 x TrickBot)
ssdeep	6144:JRJhqLIHeLLWGf6dQoyHQXkmGveSOgiijfpEF25PjX0m7:LJhMmeLL5cQogQXkzGSOgi8jEm
TLSH	1054F15021D0D071D09716305CBEC7735A3B7C1799B9998B7FBA1F2D9E90B809A38B2B
Reporter	SecuriteInfoCom
Tags:	TrickBot

Intelligence

File Origin

# of uploads :

# of downloads :

249

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.45876819.30148.14969.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/637295

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

trickbot

Link:

https://mwdb.cert.pl/sample/edb5656c0d629d11678ee35d6f0b38b3497cd80d00ecd21b2059305dea8052e5/

Threat name:

Win32.Trojan.Trickpak

Status:

Malicious

First seen:

2021-03-10 23:09:47 UTC

AV detection:

18 of 28 (64.29%)

Threat level:

5/5

Verdict:

unknown

Result

Malware family:

trickbot

Score:

10/10

Tags:

family:trickbot botnet:mon122 banker trojan

Link:

https://tria.ge/reports/210311-2lc1kar79n/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Looks up external IP address via web service

Trickbot

Malware Config

C2 Extraction:

103.225.138.94:449
122.2.28.70:449
123.200.26.246:449
131.255.106.152:449
142.112.79.223:449
154.126.176.30:449
180.92.238.186:449
187.20.217.129:449
201.20.118.122:449
202.91.41.138:449
95.210.118.90:449

Unpacked files

SH256 hash:

edb5656c0d629d11678ee35d6f0b38b3497cd80d00ecd21b2059305dea8052e5

MD5 hash:

8e3d3f90cb572121809d2945db6b02e6

SHA1 hash:

eed38d4828f35c0d28bd4ff26031084899dfd333

Link:

https://www.unpac.me/results/6f39b3ef-43a6-4c0b-b53b-443362c8968a/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/edb5656c0d629d11678ee35d6f0b38b3497cd80d00ecd21b2059305dea8052e5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

TrickBot

DLL dll edb5656c0d629d11678ee35d6f0b38b3497cd80d00ecd21b2059305dea8052e5

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1061722/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/1061724/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample