File: 5da547e87d6ef12349fb4dbba9cf3146a358e284f72361dd07bbabfc95b0bac3

Metadata
File name:2017-08-12-Trickbot-binary-from-usdata.estoreseller.com.exe
File type:PE32 executable (GUI) Intel 80386, for MS Windows
File size:532480 bytes
Analysis date:2017-08-15 11:16:22
MD5:f42f72c32a3b737f9ccd6321963c1d30
SHA1:15ea6f90233a5359a22361113f1b09ea510a07a1
SHA256:5da547e87d6ef12349fb4dbba9cf3146a358e284f72361dd07bbabfc95b0bac3
SHA512:20749a7e684835f2653d2700d48dcf8d7be138d2bae18c95de307105e04a3d1d47595d1f5e13077ddff671b6b6faeece4a7bbc276096452500c6468d827d2791
SSDEEP:6144:qVcjhwOoxNWSjwNmBJQ7ib0DeFOC7c36a9ga1QY1nIlTeUGdbGbpn:qVc1wV3sIeioivAXX1vUGt2N
IMPHASH:7500f26364e1bb4bb5012c9dca22c37e
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 5da547e87d6ef12349fb4dbba9cf3146a358e284f72361dd07bbabfc95b0bac3.
Loading...
Domains
Domains the malware sample communicates with.
DomainIP
wtfismyip.com158.69.26.138
Hosts
Hosts the malware sample communicates with.
158.69.26.138
185.86.151.195
HTTP Requests
HTTP requests the malware sample makes.
HostURLUser-Agent
wtfismyip.com/textMozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
AV Detections
AV detection names associated with the malware sample.
ALYacTrojan.Trickbot.G
AVGWin32:Malware-gen
AVwareTrojan.Win32.Generic!BT
Ad-AwareTrojan.Trickbot.G
AegisLabMl.Attribute.Gen!c
AhnLab-V3Trojan/Win32.Trickster.C2085996
ArcabitTrojan.Trickbot.G
AvastWin32:Malware-gen
AviraTR/Crypt.XPACK.Gen7
BaiduWin32.Trojan.WisdomEyes.16070401.9500.9633
BitDefenderTrojan.Trickbot.G
CAT-QuickHealTrojan.Trickster
ComodoUnclassifiedMalware
CrowdStrikemalicious_confidence_90% (W)
CylanceUnsafe
CyrenW32/Trojan.FPOO-2925
DrWebTrojan.Siggen7.24879
ESET-NOD32Win32/TrickBot.O
EmsisoftTrojan.Trickbot.G (B)
Endgamemalicious (high confidence)
F-SecureTrojan.Trickbot.G
FortinetW32/Generic.AP.9F5966!tr
GDataTrojan.Trickbot.G
IkarusTrojan.Win32.Trickbot
Invinceaheuristic
JiangminTrojan.Trickster.le
K7AntiVirusTrojan ( 0050e59b1 )
K7GWTrojan ( 0050e59b1 )
KasperskyTrojan.Win32.Trickster.aeu
MAXmalware (ai score=99)
MalwarebytesTrojan.TrickBot
McAfeeRDN/Generic.hra
McAfee-GW-EditionBehavesLike.Win32.FakeAlertSecurityTool.hh
MicroWorld-eScanTrojan.Trickbot.G
MicrosoftTrojan:Win32/Dynamer!rfn
NANO-AntivirusTrojan.Win32.Trickster.ertsfl
Paloaltogeneric.ml
PandaTrj/GdSda.A
RisingTrojan.Trickster!8.E0E2 (cloud:tjMjMcgoXxB)
SentinelOnestatic engine - malicious
SophosTroj/TrikBot-C
SymantecTrojan.Trickybot
TencentWin32.Trojan.Trickster.Eamx
TrendMicroTSPY_LOKI.GSW
TrendMicro-HouseCallTSPY_LOKI.GSW
VIPRETrojan.Win32.Generic!BT
ViRobotTrojan.Win32.U.Agent.532480.A
WebrootW32.Trojan.Gen
WhiteArmorMalware.HighConfidence
ZoneAlarmTrojan.Win32.Trickster.aeu
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IMM
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
ActiveComputerName
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes
HKEY_LOCAL_MACHINE\Software\Classes
\REGISTRY\USER
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}
CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\TreatAs
\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}
\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InprocServer32
\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InprocServerX86
\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\LocalServer32
\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InprocHandler32
\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InprocHandlerX86
\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}
HKEY_CLASSES_ROOT\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\TreatAs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\UnsafeSslApps
CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServer32
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServerX86
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer32
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandler32
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandlerX86
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\SOFTWARE\Microsoft\Cryptography\Providers\Type 024
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\DESHashSessionKeyBackward
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B83AF3AB-4FED-45D1-A8B8-9E66F3411813}
Comments
User comments about 5da547e87d6ef12349fb4dbba9cf3146a358e284f72361dd07bbabfc95b0bac3.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.