1d81426bbbda6bb684df77ce2b54b65040cb204feaf19ef7a314efe33c377a80 | Triage

Sharing

General

Target

60ae3209413136b40ab2b4fcd11884d6dfeb330b
Size

364KB
Sample

191018-5dpavxa8bj
MD5

de21b8b92b7e90e1e5b36af418009b1d
SHA1

60ae3209413136b40ab2b4fcd11884d6dfeb330b
SHA256

1d81426bbbda6bb684df77ce2b54b65040cb204feaf19ef7a314efe33c377a80
SHA512

787bab9d3a30be8d674a6c3e89177e27d2df3da21d3055a66b0c79f620b7a74482cdf4dc9267d9ed7c3e6b8e63ef5ed6af8cca88eabcbea36cf4aae6d98d3bcf

Score

10^/10

Malware Config

Targets

- Target
  
  60ae3209413136b40ab2b4fcd11884d6dfeb330b
- Size
  
  364KB
- MD5
  
  de21b8b92b7e90e1e5b36af418009b1d
- SHA1
  
  60ae3209413136b40ab2b4fcd11884d6dfeb330b
- SHA256
  
  1d81426bbbda6bb684df77ce2b54b65040cb204feaf19ef7a314efe33c377a80
- SHA512
  
  787bab9d3a30be8d674a6c3e89177e27d2df3da21d3055a66b0c79f620b7a74482cdf4dc9267d9ed7c3e6b8e63ef5ed6af8cca88eabcbea36cf4aae6d98d3bcf
Score

10^/10
- Trickbot persistence files
  trojan banker
- trickbot family
  family
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks system information in the registry (likely anti-VM)
- Modifies service
  persistence
task1 task2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

task1

task2