Overview

overview

10

task1

 

10

task2

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    30ebf4174d1703dd66d867ba65cd015d3604c938

  • Size

    728KB

  • Sample

    191018-9z5rvjxg6s

  • MD5

    5cc9f3d6e5cc64338bc74dc7de5e3b93

  • SHA1

    30ebf4174d1703dd66d867ba65cd015d3604c938

  • SHA256

    cbf1bb0acfa0adf0cc63952e220e52c5215c74f84ec49c3fa00b476ba04dc59e

  • SHA512

    ddd08ab149b3ebef980e26353464a55fe4e01cbbff59928c1383c31b3b7dec05f3ac13b6bba43bde0c2bf08f819f41893a9ad4b089f78c018d525259f74af17f

Score
10/10

Malware Config

Targets

    • Target

      30ebf4174d1703dd66d867ba65cd015d3604c938

    • Size

      728KB

    • MD5

      5cc9f3d6e5cc64338bc74dc7de5e3b93

    • SHA1

      30ebf4174d1703dd66d867ba65cd015d3604c938

    • SHA256

      cbf1bb0acfa0adf0cc63952e220e52c5215c74f84ec49c3fa00b476ba04dc59e

    • SHA512

      ddd08ab149b3ebef980e26353464a55fe4e01cbbff59928c1383c31b3b7dec05f3ac13b6bba43bde0c2bf08f819f41893a9ad4b089f78c018d525259f74af17f

    Score
    10/10

    • Trickbot persistence files

      trojanbanker

    • trickbot family

      family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence
    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks