35d73010bd70af36a431ced5094fb440b8f9aa06154b260b8f666fa0a951ea9c | Triage

Sharing

General

Target

4fa87ea1426e9d02c0aebe5fdefd03b42cb6640a
Size

344KB
Sample

191018-8bvc9711j2
MD5

9e1239a866bb7eba1f4a01079f6d7f8a
SHA1

4fa87ea1426e9d02c0aebe5fdefd03b42cb6640a
SHA256

35d73010bd70af36a431ced5094fb440b8f9aa06154b260b8f666fa0a951ea9c
SHA512

84ef44f7c7dd4fb5021491837d7c887a638bd38e5ec591d87bbc0b5dc3c0408173c0b4262984cb0ee03fe7070bd25be4928a42c6703b1e8f17f4097c01ab5603

Score

10^/10

Malware Config

Targets

- Target
  
  4fa87ea1426e9d02c0aebe5fdefd03b42cb6640a
- Size
  
  344KB
- MD5
  
  9e1239a866bb7eba1f4a01079f6d7f8a
- SHA1
  
  4fa87ea1426e9d02c0aebe5fdefd03b42cb6640a
- SHA256
  
  35d73010bd70af36a431ced5094fb440b8f9aa06154b260b8f666fa0a951ea9c
- SHA512
  
  84ef44f7c7dd4fb5021491837d7c887a638bd38e5ec591d87bbc0b5dc3c0408173c0b4262984cb0ee03fe7070bd25be4928a42c6703b1e8f17f4097c01ab5603
Score

10^/10
- Trickbot persistence files
  trojan banker
- trickbot family
  family
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks system information in the registry (likely anti-VM)
- Modifies service
  persistence
task1 task2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

task1

task2