cbf1bb0acfa0adf0cc63952e220e52c5215c74f84ec49c3fa00b476ba04dc59e | Triage

Sharing

General

Target

30ebf4174d1703dd66d867ba65cd015d3604c938
Size

728KB
Sample

191018-9z5rvjxg6s
MD5

5cc9f3d6e5cc64338bc74dc7de5e3b93
SHA1

30ebf4174d1703dd66d867ba65cd015d3604c938
SHA256

cbf1bb0acfa0adf0cc63952e220e52c5215c74f84ec49c3fa00b476ba04dc59e
SHA512

ddd08ab149b3ebef980e26353464a55fe4e01cbbff59928c1383c31b3b7dec05f3ac13b6bba43bde0c2bf08f819f41893a9ad4b089f78c018d525259f74af17f

Score

10^/10

Malware Config

Targets

- Target
  
  30ebf4174d1703dd66d867ba65cd015d3604c938
- Size
  
  728KB
- MD5
  
  5cc9f3d6e5cc64338bc74dc7de5e3b93
- SHA1
  
  30ebf4174d1703dd66d867ba65cd015d3604c938
- SHA256
  
  cbf1bb0acfa0adf0cc63952e220e52c5215c74f84ec49c3fa00b476ba04dc59e
- SHA512
  
  ddd08ab149b3ebef980e26353464a55fe4e01cbbff59928c1383c31b3b7dec05f3ac13b6bba43bde0c2bf08f819f41893a9ad4b089f78c018d525259f74af17f
Score

10^/10
- Trickbot persistence files
  trojan banker
- trickbot family
  family
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks system information in the registry (likely anti-VM)
- Modifies service
  persistence
task1 task2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

task1

task2