MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f723a66d74e36a5e249a72c8f2a4cc4a7a313ecbf83198df5d377bb52f452768. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	f723a66d74e36a5e249a72c8f2a4cc4a7a313ecbf83198df5d377bb52f452768
SHA3-384 hash:	4b7fc4ff756965b4d658af8cf62894a134ba622e2462e44f62a19d23a77527e1033d024a5bcf8f71e72e8835110f7c74
SHA1 hash:	51787915f1017c62208d28daff814ebf4ec2ebaa
MD5 hash:	8e1eb9e025e49f0173b13e4ad679e9ec
humanhash:	romeo-steak-december-maine
File name:	8e1eb9e025e49f0173b13e4ad679e9ec.exe
Download:	download sample
Signature	TrickBot Create hunting rule
File size:	1'882'112 bytes
First seen:	2021-09-10 14:22:34 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	542a8c0c784537b1ec6f0eae4088f47d (4 x TrickBot)
ssdeep	49152:SVB3Xujk16sb2FX6CzYQsWGAMAEYbGMctIBR:SzXuQ16sb2FX6RnWGJAtGMca
Threatray	3'846 similar samples on MalwareBazaar
TLSH	T1AA95F1323AC2C078D12205328A59F76942EEBFB55F3243DB76DC9E1F5A715C1AA36213
dhash icon	cc8a539286e471b2 (4 x TrickBot)
Reporter	abuse_ch
Tags:	exe TrickBot

Intelligence

File Origin

# of uploads :

# of downloads :

272

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

8e1eb9e025e49f0173b13e4ad679e9ec.exe

Verdict:

Suspicious activity

Analysis date:

2021-09-10 14:25:08 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/7ff3bae2-7640-4ca2-8443-ae4b803e7f90

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/186909/

Detection(s):

SecuriteInfo.com.Trojan.Packed.140.20955.10125.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% directory

Sending a UDP request

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/d9fccdde-371d-4854-9e2a-2a0471d57d73

Result

Threat name:

TrickBot

Detection:

malicious

Classification:

troj.evad

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/848839

Signature

Detected unpacking (changes PE section rights)

Found malware configuration

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected Trickbot

Behaviour

Behavior Graph:

Download SVG

Detection:

trickbot

Link:

https://mwdb.cert.pl/sample/f723a66d74e36a5e249a72c8f2a4cc4a7a313ecbf83198df5d377bb52f452768/

Threat name:

Win32.Worm.Cridex

Status:

Malicious

First seen:

2021-09-10 14:23:13 UTC

AV detection:

17 of 28 (60.71%)

Threat level:

5/5

Verdict:

malicious

Label(s):

trickbot

gozi

TrickBot

49e61873c2864b4a39bfb6c520ea9644d1b38088cd11a6d0f2f6ced91b793856

TrickBot

6b62e970d1c770e694aaccad7d7b874895731ed5c7c6029be9f6badc3b533332

TrickBot

8ab49e939399e4dd51e665e119b4d76c12cae36b3c72bb8aedf9c2ef73903a78

TrickBot

d423f00832f44b4195a686c691b2f20e55bd4c31145a43561f83f1ea661bfc60

TrickBot

def94d349e3c5637e40dcf603fd7c41d8807f13c0804bea48f1e098fd7629578

TrickBot

ffaa54fe26b7cb4b86bdb7d49a5b2e609cffdc3c3db9460a77f074b503988504

TrickBot

+ 3'836 additional samples on MalwareBazaar

Result

Malware family:

trickbot

Score:

10/10

Tags:

family:trickbot botnet:rob130 banker trojan

Link:

https://tria.ge/reports/210910-rp47msdcgn/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Looks up external IP address via web service

Trickbot

Malware Config

C2 Extraction:

65.152.201.203:443
185.56.175.122:443
46.99.175.217:443
179.189.229.254:443
46.99.175.149:443
181.129.167.82:443
216.166.148.187:443
46.99.188.223:443
128.201.76.252:443
62.99.79.77:443
60.51.47.65:443
24.162.214.166:443
45.36.99.184:443
97.83.40.67:443
184.74.99.214:443
103.105.254.17:443
62.99.76.213:443
82.159.149.52:443