MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f18e37c957973e11af3e470a4ca4d350537ff72af51a01b02b8d45e5600b1e80. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 9

SHA256 hash: f18e37c957973e11af3e470a4ca4d350537ff72af51a01b02b8d45e5600b1e80
SHA3-384 hash: fbea8114edc4e24dfee27362b6c3556a6772b67ddcbe5434511477f42bffd655908e5b128b3bfc08e5fdf67fc3c1eb3f
SHA1 hash: a5bf4766f86ebc0976caf6d8056206b2a34bd56f
MD5 hash: da495d6a4743db1c701d5a3eced7241c
humanhash: jupiter-quiet-pip-whiskey
File name: SecuriteInfo.com.Trojan.GenericKD.45888713.13347.32747
Signature: TrickBot
File size: 663'552 bytes
First seen: 2021-03-15 17:52:32 UTC
Last seen: Never
File type: DLL (dll)
MIME type: application/x-dosexec
imphash: 7102c01c2697cc580ffec55b1f88ef70 (1 x TrickBot)
ssdeep: 12288:dRezyTNeT82rKNerPW36v1pPT6ptzoWW5OthE5jtukPEfuppS+:dReUS8dNyKfWwopKk
Threatray: 3 similar samples on MalwareBazaar
TLSH: AEE4CF23F5A2D1B5D0BF24392F9567B886F8ACA02E7FC543D340F99E8D305B60529396
Reporter: SecuriteInfoCom
Tags: TrickBot

Intelligence

File Origin
# of uploads: 1
# of downloads: 267
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:
Behaviour
Sending a UDP request

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: TrickBot
Detection: malicious
Classification: troj
Score: 56 / 100
Signature
Multi AV Scanner detection for submitted file
Yara detected Trickbot
Behaviour
Behavior Graph (ID 368897; sample SecuriteInfo.com.Trojan.Gen...; start date 15/03/2021; architecture WINDOWS; score 56):
Signatures: Multi AV Scanner detection for submitted file; Yara detected Trickbot
Process tree: loaddll32.exe started cmd.exe, rundll32.exe and regsvr32.exe; cmd.exe started iexplore.exe, which in turn started a second iexplore.exe
Network activity (from iexplore.exe): edge.gycpi.b.yahoodns.net 87.248.118.22, ports 443, 49747, 49748 (YAHOO-DEBDE, United Kingdom); tls13.taboola.map.fastly.net 151.101.1.44, ports 443, 49741, 49742 (FASTLYUS, United States); 11 other IPs or domains
Threat name: Win32.Trojan.Trickpak
Status: Malicious
First seen: 2021-03-12 16:00:54 UTC
AV detection: 15 of 28 (53.57%)
Threat level: 5/5

Result
Malware family: trickbot
Score: 10/10
Tags: family:trickbot botnet:mon132 banker trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Looks up external IP address via web service
Templ.dll packer
Trickbot
Malware Config
C2 Extraction:
103.225.138.94:449
122.2.28.70:449
123.200.26.246:449
131.255.106.152:449
142.112.79.223:449
154.126.176.30:449
180.92.238.186:449
187.20.217.129:449
201.20.118.122:449
202.91.41.138:449
95.210.118.90:449
Unpacked files
SHA256 hash: ce9a291f67b297f4ffe8abfb4c815df32db9f0bddfc8e3fe01424bb052f4c746
MD5 hash: ec0212d5d7456051c47f56c754842272
SHA1 hash: e000fd4ce0693fb943e27aa82e13c110a5eaa097

SHA256 hash: 8e9ae4d06275e138b8db5ad2d8ce1dd1e3a7bcab19ade62dc39e134cd3017283
MD5 hash: c7273c3089781b8f2de61ff386f4dd47
SHA1 hash: 675527efda1a1398b0c89ef46190cfa8324f8b44
Detections: win_trickbot_a4 win_trickbot_auto

SHA256 hash: 7c318b7fdb0b3d8b3e2aa51039610f01424a5a49e8885657dbd7c5824d41e8d4
MD5 hash: 312084f7d56fc2d8b43d8ae5becdd38d
SHA1 hash: 3624d661978dd9bfc6297ddc900b9c06260f4916

SHA256 hash: f18e37c957973e11af3e470a4ca4d350537ff72af51a01b02b8d45e5600b1e80 (this sample)
MD5 hash: da495d6a4743db1c701d5a3eced7241c
SHA1 hash: a5bf4766f86ebc0976caf6d8056206b2a34bd56f
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: TrickBot
File type: DLL (dll)
SHA256 hash: f18e37c957973e11af3e470a4ca4d350537ff72af51a01b02b8d45e5600b1e80 (this sample)
