MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f8b31cf177d5a4de939ee8c19d629df9548ac33721c47c66d71bc376922ec259. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TrickBot

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	f8b31cf177d5a4de939ee8c19d629df9548ac33721c47c66d71bc376922ec259
SHA3-384 hash:	5fa7d7b9f5693258125f61fab86c72fef7d299717dccfacba1499712a8244e483b29ce18ab144a531ca5394f5b340e45
SHA1 hash:	27c8b524feea374eaad634f64765edc11875c09b
MD5 hash:	12ed18c21ac5e79af16d6dc5e735715f
humanhash:	low-salami-stream-hot
File name:	SecuriteInfo.com.Trojan.Trick.46529.1914.1817
Download:	download sample
Signature	TrickBot Create hunting rule
File size:	700'467 bytes
First seen:	2020-03-18 13:39:05 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	facac38a79f5f77491948b84ce8584cc (11 x TrickBot)
ssdeep	12288:j5ba2SroKa5pwYM30A25cyDbXHELnUilfe0iLl5hCWc12jT7qjcuoq:BSfaM30A25AlGt55gWpvujN
Threatray	2'787 similar samples on MalwareBazaar
TLSH	5CE47C2666347423D1D244714EAAD378AD28BCD261426C4F3DC1BD0867B3C93B9B5EEE
Reporter	SecuriteInfoCom
Tags:	TrickBot

Intelligence

File Origin

# of uploads :

# of downloads :

101

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.Trick.46529.1914.1817.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Trickbot

Status:

Malicious

First seen:

2020-03-19 03:56:18 UTC

AV detection:

27 of 31 (87.10%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=7czrz4lx2wsn5e465daz2yu57fkivqzxehchyzwxdpbxneroyjmq._file

Verdict:

malicious

Label(s):

trickbot

TrickBot

497eebb26dbf500508b344dec05bbadb1e0421d77be6defc150bce9f88ea37b9

TrickBot

764553cbeade2cc41c018b08fb22381a32a6c475b86353458d8fbc1aab86afeb

TrickBot

76edf0ebea99cf07ff5bb900193c4efa05e971c2bc2097ec70d5e54ad7b3dce8

TrickBot

814c1770aa6e418212eeec6a5170a1aba281370750bb22d040acfec544cb34e3

TrickBot

841fccdc97e1f86bd50c1437517ce63c0969598a2aafd3064fd950b6d9bebd9d

TrickBot

aa816907cbe55fb2e170741297322bdfecc1e68b7f0420fc0459f4d57a395a86

TrickBot

bde211630a1bf959caa59f585baf9c2cf1f8eaaa4dbe53f0c9ed7d1c083f0088

TrickBot

c2d499169a652c5c86ef28b7dca25f23e986bdd93b23fe02115923f698d61b58

TrickBot

da995f78d6ba4f7acab4a421e759cc15d2a3b8ca5549edd76605252e410d65ac

TrickBot

+ 2'777 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/f8b31cf177d5a4de939ee8c19d629df9548ac33721c47c66d71bc376922ec259

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::__vbaSetSystemError MSVBVM60.DLL::__vbaObjSetAddref MSVBVM60.DLL::EVENT_SINK_AddRef MSVBVM60.DLL::__vbaLateMemCallLd

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample