MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fdfb6706e3f056404da1928a1a8dc3bce4ab4b8473f49e1c246b4ab2edc69ad4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TrickBot


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fdfb6706e3f056404da1928a1a8dc3bce4ab4b8473f49e1c246b4ab2edc69ad4
SHA3-384 hash: 519504d80388041cd5020dddf11e3ad8d4934e6cf13db2cc2f0770fe81a0ba927e51b381dac296e084988b95377f5a8d
SHA1 hash: 66f370b3a1dcfb9c87a31b35d2c0951a3b1612f8
MD5 hash: 0828f63b9396fead9231cae937694a37
humanhash: illinois-burger-maryland-spring
File name:ONKVD.dll
Download: download sample
Signature TrickBot
Create hunting rule
File size:311'296 bytes
First seen:2020-09-17 04:36:17 UTC
Last seen:2020-09-17 06:04:21 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 07e7f26345b6390fa188148a0f2ef833 (1 x TrickBot)
ssdeep 3072:Uz/9xlxG5uQ5qPfKUwUS6pRBdHQwlaAwgQegMjA3k30qSeLZerTCC0NBSNka9Jvo:2NG51UrS6pRBdwwlaDe3EqSedAWU2as
Threatray 2'862 similar samples on MalwareBazaar
TLSH E164E0036C5F8CF2E4456171CA96AFA296326D1A76AAD403DB303DEDDDF1350FA2920D
Reporter ffforward
Tags:dll ono76 TrickBot

Intelligence

File Origin
# of uploads :
2
# of downloads :
230
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/62638/
Detection(s):
SecuriteInfo.com.Artemis0828F63B9396.16684.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Result
Threat name:
Trickbot
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/468739
Signature
Allocates memory in foreign processes
Delayed program exit found
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Yara detected Trickbot
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fdfb6706e3f056404da1928a1a8dc3bce4ab4b8473f49e1c246b4ab2edc69ad4/
Threat name:
Win32.Trojan.TrickBot
Create hunting rule
Status:
Malicious
First seen:
2020-09-17 00:53:33 UTC
File Type:
PE (Dll)
Extracted files:
18
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7x5wobxd6bleatnbskfbvdodxtskws4eop2j4hbennflf3ogtlka._file
Verdict:
malicious
Label(s):
trickbot
Create hunting rule
Similar samples:
1b70916e2d3e600ed8f1bb48d9b784669e5c77b9129befb0609425f91880192c
TrickBot
3cf985169b9ce680c9ead4415e6eb5f62991ebe22856c53a697bbad1d43bcf5a
TrickBot
5abc66f1c2e2fb7c2d74dbaa17cfa47b1a4f4fc576ef7c842bc1de10bf236e5e
TrickBot
5c8356172fa558970b2136a5284da800910c0fef74a75a7eb160874ed3edeec2
TrickBot
5ec3fca3f0fa3232c85ace8ea62056223149452b70bee259706984e2c96e1998
TrickBot
7fee0f3adb6bb5a3ed22ad960709a87893e2512d099f6c8c39946097d9a4122b
TrickBot
a46867b0d1a681e81886d2ab962209d39d36aa701cdff18b20159a93db40f1ec
TrickBot
b917f1d2b3e003cf83fc2a16e25481c1f4cc12d83b9c5879b98744e4a6ff220e
TrickBot
f3d2c3f97d52b31f00be046d39ae0ff4dbee7f42c32cbddfca7d613dbb9fb6f3
TrickBot
fbb4e4339bbb0bce98f6de368a927d77cfcd15067f178d80f626da35f9a08981
TrickBot
+ 2'852 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/200917-s926zl5jrj/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Looks up external IP address via web service
Looks up external IP address via web service
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fdfb6706e3f056404da1928a1a8dc3bce4ab4b8473f49e1c246b4ab2edc69ad4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

TrickBot

Word file doc aff25d7c750f2650aa7defe1363ebac4ecc8df43e29224fa607598e69b5393d3

TrickBot

Visual Basic Script (vbe) vbe 136b345a239295acc0329ae85463e0b249ee43f2409efef6b003dd31a10b40d6

TrickBot

DLL dll fdfb6706e3f056404da1928a1a8dc3bce4ab4b8473f49e1c246b4ab2edc69ad4

(this sample)

  
Dropped by
SHA256 136b345a239295acc0329ae85463e0b249ee43f2409efef6b003dd31a10b40d6
Cape
Cape
https://www.capesandbox.com/analysis/62638/

Comments