73e462e48d639a6ed2bc798c451328260646fab7ef12d41381bcb48f9e5598b2 | Triage

Sharing

General

Target

2f8b0b6435ca18da75e8ae2e6745718124a26f66
Size

880KB
Sample

191018-dj47fcq5ta
MD5

6a86daaa778d10fa01d79b863098bb6a
SHA1

2f8b0b6435ca18da75e8ae2e6745718124a26f66
SHA256

73e462e48d639a6ed2bc798c451328260646fab7ef12d41381bcb48f9e5598b2
SHA512

3843826aa581d81435cf0a3d1f60d7b7e34466b56f9f9ff7d7741f548223956eff8570226b8c30d377b3e3e9e53036587edfaf13c03dd73215b1ebc22bf03f39

Score

10^/10

Malware Config

Targets

- Target
  
  2f8b0b6435ca18da75e8ae2e6745718124a26f66
- Size
  
  880KB
- MD5
  
  6a86daaa778d10fa01d79b863098bb6a
- SHA1
  
  2f8b0b6435ca18da75e8ae2e6745718124a26f66
- SHA256
  
  73e462e48d639a6ed2bc798c451328260646fab7ef12d41381bcb48f9e5598b2
- SHA512
  
  3843826aa581d81435cf0a3d1f60d7b7e34466b56f9f9ff7d7741f548223956eff8570226b8c30d377b3e3e9e53036587edfaf13c03dd73215b1ebc22bf03f39
Score

10^/10
- Trickbot persistence files
  trojan banker
- trickbot family
  family
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks system information in the registry (likely anti-VM)
- Modifies service
  persistence
task1 task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

task1

task2