MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f7594160c8df5c19d329c27fd3f49cb557afb36f5e34949eaf9ba575de8b9a93. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TrickBot


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f7594160c8df5c19d329c27fd3f49cb557afb36f5e34949eaf9ba575de8b9a93
SHA3-384 hash: c064e2c8d66610d723712ecdcdd9e5c53e0158e4c1ab93f160e1754152bfa93ce58eda075410755b7bc67c9d52478fd7
SHA1 hash: dc39453bb75f8ebab049e2d875d51853603c43b4
MD5 hash: e967fa01c9bad22ae3d23d76ed61bc78
humanhash: texas-floor-fillet-red
File name:nete5.dll
Download: download sample
Signature TrickBot
Create hunting rule
File size:439'426 bytes
First seen:2021-07-22 17:27:14 UTC
Last seen:2021-07-22 18:45:00 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 5d02bb9eaf349ef82aebf45925117831 (1 x TrickBot)
ssdeep 12288:dCQXHfmzl5O43PLKOWVaLuox94QsbcG0CZg3:lOrO2PLKlVFox94QswTCe3
Threatray 165 similar samples on MalwareBazaar
TLSH T12794BF00F896ECF6F7260FB55842B647B3153502096C9BDF5298C6AF1E1DB9093AC3B9
Reporter Scoobs_McGee
Tags:exe TrickBot zev4

Intelligence

File Origin
# of uploads :
2
# of downloads :
233
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
nete5.dll
Verdict:
No threats detected
Analysis date:
2021-07-22 17:31:35 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/18f5488a-ddbf-4b6f-b516-0acb0115be44

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/173416/
Detection(s):
SecuriteInfo.com.Win64.TrojanX-genTrj.2558.13460.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/085b729d-9b9d-413a-b8c3-1b731bd64446
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/820339
Signature
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Sigma detected: Regsvr32 Command Line Without DLL
System process connects to network (likely due to code injection or exploit)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f7594160c8df5c19d329c27fd3f49cb557afb36f5e34949eaf9ba575de8b9a93/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-07-22 17:28:05 UTC
AV detection:
3 of 46 (6.52%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
1a82ee0d5a11d5431581aa185cee32ab29103083a65e5ddaffed04809b16137c
TrickBot
447a0ab1979dfe2b0d3ebd7082dec8ad9fba6c8a34bef39217fa4f2c6073c5d8
TrickBot
6c6939f72d85a8d97f4aa81c53d02dccca16e6deff4a2a3eb017ea374713aace
TrickBot
738f4267728385be1d6336685338a0af96f09587218dbc6b3b88db07d1326877
TrickBot
89e803fb3d77bd7c8ce32b32eaa6832dd37dba1fe675ac46cce0cb297646dc0d
TrickBot
b057eb94e711995fd5fd6c57aa38a243575521b11b98734359658a7a9829b417
TrickBot
cbe165fddd39686da18fb293060b912be8cb49a47dc1eab85aa1e6aa5c9c4570
TrickBot
f25aca08079e42ada9ce9fbd59639686c7e87be6979943b8a8a555bedbe1a7cf
TrickBot
f2caffa263687a0901d68e143af25169d67bac91489d6b62faa2727ed5bb49fe
TrickBot
+ 155 additional samples on MalwareBazaar
Result
Malware family:
trickbot
Create hunting rule
Score:
  10/10
Tags:
family:trickbot botnet:zev4 banker suricata trojan
Link:
https://tria.ge/reports/210722-sgre6vre36/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Loads dropped DLL
Suspicious use of NtCreateUserProcessOtherParentProcess
Trickbot
suricata: ET MALWARE BazaLoader Activity (GET)
Malware Config
C2 Extraction:
14.232.161.45:443
118.173.233.64:443
41.57.156.203:443
45.239.234.2:443
45.201.136.3:443
177.10.90.29:443
185.17.105.236:443
91.237.161.87:443
185.189.55.207:443
186.225.119.170:443
143.0.208.20:443
222.124.16.74:443
220.82.64.198:443
200.236.218.62:443
178.216.28.59:443
45.239.233.131:443
196.216.59.174:443
119.202.8.249:443
82.159.149.37:443
49.248.217.170:443
181.114.215.239:443
113.160.132.237:443
105.30.26.50:443
202.165.47.106:443
103.122.228.44:443
Unpacked files
SH256 hash:
f7594160c8df5c19d329c27fd3f49cb557afb36f5e34949eaf9ba575de8b9a93
MD5 hash:
e967fa01c9bad22ae3d23d76ed61bc78
SHA1 hash:
dc39453bb75f8ebab049e2d875d51853603c43b4
Link:
https://www.unpac.me/results/710f4ed8-9ae2-4bea-a0f2-a547ba23727c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f7594160c8df5c19d329c27fd3f49cb557afb36f5e34949eaf9ba575de8b9a93

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/James_inthe_box/status/1418253931080163328
Cape
Cape
https://www.capesandbox.com/analysis/173416/

Comments