MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f9f065cfe7edfa8c365bf45a46fd73081af15a53b9e67fb8a76f6060b142b7dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 8



SHA256 hash: f9f065cfe7edfa8c365bf45a46fd73081af15a53b9e67fb8a76f6060b142b7dd
SHA3-384 hash: d70d183227427922df12a7eb275f3da76d979e17835184384893e1fbea74310c4ecceea057b869f1ab616f682318304d
SHA1 hash: 6ff556db0d9dd97c933ff8f2d2a871c03f3ba9ff
MD5 hash: 8ac7b9954375d58bf6f1934377b5d4c8
humanhash: three-alaska-lion-fruit
File name: dtab.exe
Signature: TrickBot
File size: 1'000'448 bytes
First seen: 2020-12-21 18:49:02 UTC
Last seen: 2020-12-21 20:47:18 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash 5abb3d9b9122807b8aa66b54f1d9283e (1 x TrickBot)
ssdeep 24576:HUXugzMY25urwjwchB2QKvumMnkUtI1x77uLbNs:HD2MV5uswcXls2Ns
Threatray 2'970 similar samples on MalwareBazaar
TLSH CF258D644D2A9220D256C63400D972B1D73AFE366E0C16A7D5AD77ECAC307A28F77F06
Reporter: malware_traffic
Tags: exe mor2 TrickBot

Intelligence


File Origin
# of uploads: 2
# of downloads: 267
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: dtab.exe
Verdict: Malicious activity
Analysis date: 2020-12-21 20:46:54 UTC
Tags: evasion

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 60 / 100
Signature
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Potential time zone aware malware
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
Detections: win_trickbot_a4 win_trickbot_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
