Overview

overview

10

task1

 

10

task2

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1aea1121475df57b5802c84583c4dc89500baa75

  • Size

    269KB

  • Sample

    191018-5prbh9aams

  • MD5

    7e56dd08f3ba9dd3b0c449da701d9ae4

  • SHA1

    1aea1121475df57b5802c84583c4dc89500baa75

  • SHA256

    7c06d1f53ccc14d4548b595f7c9afddf07be9c7a799e7a55a671cdf95e27bdca

  • SHA512

    43cf72edfabb797068995ce005938e3e24e348534866c45ca1f67f80e1c87c3c4c32f6c1d0bbf961edc821618ae09a919c1257167099615085a2bbc85d04d2a8

Score
10/10

Malware Config

Targets

    • Target

      1aea1121475df57b5802c84583c4dc89500baa75

    • Size

      269KB

    • MD5

      7e56dd08f3ba9dd3b0c449da701d9ae4

    • SHA1

      1aea1121475df57b5802c84583c4dc89500baa75

    • SHA256

      7c06d1f53ccc14d4548b595f7c9afddf07be9c7a799e7a55a671cdf95e27bdca

    • SHA512

      43cf72edfabb797068995ce005938e3e24e348534866c45ca1f67f80e1c87c3c4c32f6c1d0bbf961edc821618ae09a919c1257167099615085a2bbc85d04d2a8

    Score
    10/10

    • Trickbot persistence files

      trojanbanker

    • trickbot family

      family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence
    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks