Overview

overview

10

task1

 

10

task2

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    60ae3209413136b40ab2b4fcd11884d6dfeb330b

  • Size

    364KB

  • Sample

    191018-5dpavxa8bj

  • MD5

    de21b8b92b7e90e1e5b36af418009b1d

  • SHA1

    60ae3209413136b40ab2b4fcd11884d6dfeb330b

  • SHA256

    1d81426bbbda6bb684df77ce2b54b65040cb204feaf19ef7a314efe33c377a80

  • SHA512

    787bab9d3a30be8d674a6c3e89177e27d2df3da21d3055a66b0c79f620b7a74482cdf4dc9267d9ed7c3e6b8e63ef5ed6af8cca88eabcbea36cf4aae6d98d3bcf

Score
10/10

Malware Config

Targets

    • Target

      60ae3209413136b40ab2b4fcd11884d6dfeb330b

    • Size

      364KB

    • MD5

      de21b8b92b7e90e1e5b36af418009b1d

    • SHA1

      60ae3209413136b40ab2b4fcd11884d6dfeb330b

    • SHA256

      1d81426bbbda6bb684df77ce2b54b65040cb204feaf19ef7a314efe33c377a80

    • SHA512

      787bab9d3a30be8d674a6c3e89177e27d2df3da21d3055a66b0c79f620b7a74482cdf4dc9267d9ed7c3e6b8e63ef5ed6af8cca88eabcbea36cf4aae6d98d3bcf

    Score
    10/10

    • Trickbot persistence files

      trojanbanker

    • trickbot family

      family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence
    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks