MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f3f2e0e5f0dd4c1b04f2434b95aba1fafd91df0e0e75cf6a851d5238f1ad0ffb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 7



SHA256 hash: f3f2e0e5f0dd4c1b04f2434b95aba1fafd91df0e0e75cf6a851d5238f1ad0ffb
SHA3-384 hash: 267b10a5106c6761edb040b8ab75a0fe82cc35c22764ef4d28f94ce48fd57343ef7830dfad2d85ec6328a27ec488ff0b
SHA1 hash: 77c338ad2c72a01380a68150449dd6cca2ca7870
MD5 hash: c361c1bd2335782d5cb24ac81e2d5e6c
humanhash: low-nine-india-harry
File name: f3f2e0e5f0dd4c1b04f2434b95aba1fafd91df0e0e75cf6a851d5238f1ad0ffb
Signature TrickBot
File size: 675'840 bytes
First seen: 2020-11-11 10:52:55 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash ba56e34e8a22ac91a660555598e60e39 (5 x TrickBot)
ssdeep 12288:wdfM5r3Du848qRffZrfRBUU8vg0whwRKCV50robF7z:wu5rTH4tR3ZdBUUP01RKC8EbF/
TLSH 74E4CF123AE2C076C29655324ED6CFB9B2F5E9508B7266C7B7C40F5D7E34AC0963630A
Reporter seifreed
Tags: TrickBot

Intelligence


File Origin
# of uploads: 1
# of downloads: 133
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Creating a file in the %temp% directory
Delayed writing of the file
Deleting a recently created file
Launching a process
Connection attempt
Unauthorized injection to a system process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.TrickBot
Status: Malicious
First seen: 2020-11-11 10:53:34 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Result
Malware family: trickbot
Score: 10/10
Tags: family:trickbot botnet:tar2 banker trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Trickbot
Unpacked files
Detections:
win_trickbot_a4 win_trickbot_g6 win_trickbot_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
