MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fee15285c36fa7e28e28c7bb9b4cd3940ef12b9907de59d11ab6e2376416d350. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickBot


Vendor detections: 6



SHA256 hash: fee15285c36fa7e28e28c7bb9b4cd3940ef12b9907de59d11ab6e2376416d350
SHA3-384 hash: e24dff521e924d7a17eff8c711dbc00e712858879ea62275ceda66961580923a69aec11d66f83955170b378db74f5bdc
SHA1 hash: 14a6e46be7863db3090d81a18d4e080ac005f437
MD5 hash: b44c5540e020963aca89f3b9a96beb35
humanhash: carolina-florida-burger-mexico
File name: c361c1bd2335782d5cb24ac81e2d5e6c
Signature: TrickBot
File size: 675'840 bytes
First seen: 2020-11-17 15:20:29 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ba56e34e8a22ac91a660555598e60e39 (5 x TrickBot)
ssdeep: 12288:96zG7KjQ+oJLVaRwYdNKxRBUU8vg0whwRKCV50robF7z:9l7eoFsRjdN6BUUP01RKC8EbF/
TLSH: 9CE4C0123AE2C076C29655324ED6CFB9B2B5D9508B7266C7B7C50F5C7E34AC09B3630A
Reporter: seifreed
Tags: TrickBot

Intelligence


File Origin
# of uploads: 1
# of downloads: 205
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Creating a file in the %temp% directory
Delayed writing of the file
Deleting a recently created file
Launching a process
Connection attempt
Unauthorized injection to a system process
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.TrickBot
Status: Malicious
First seen: 2020-11-17 15:28:19 UTC
AV detection: 24 of 28 (85.71%)
Threat level: 5/5
Result
Malware family: trickbot
Score: 10/10
Tags: family:trickbot botnet:tar2 banker trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Trickbot
Malware Config
C2 Extraction:
66.85.183.5:443
185.163.47.157:443
94.140.115.99:443
195.123.240.40:443
195.123.241.226:443
Unpacked files
Detections: win_trickbot_a4 win_trickbot_g6 win_trickbot_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments