Overview

overview

10

task1

 

10

task2

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    41ed194a7310eae9620d1b4facfbc33fb246c079

  • Size

    268KB

  • Sample

    191018-h4wh8mye46

  • MD5

    b97520c29779b435980c71d58389898f

  • SHA1

    41ed194a7310eae9620d1b4facfbc33fb246c079

  • SHA256

    343d223fc1337edd9e8af65cda88fc6a616c9a16c7c11598675ed8b07cb7d790

  • SHA512

    919573bc9e8acade313f7e3313cd737d46b10bfa0fd8b46604f37c8234527f49133f98d8912d11fae9d8d22f5beee1df42294f624781c7b0b6e07704464c545c

Score
10/10

Malware Config

Targets

    • Target

      41ed194a7310eae9620d1b4facfbc33fb246c079

    • Size

      268KB

    • MD5

      b97520c29779b435980c71d58389898f

    • SHA1

      41ed194a7310eae9620d1b4facfbc33fb246c079

    • SHA256

      343d223fc1337edd9e8af65cda88fc6a616c9a16c7c11598675ed8b07cb7d790

    • SHA512

      919573bc9e8acade313f7e3313cd737d46b10bfa0fd8b46604f37c8234527f49133f98d8912d11fae9d8d22f5beee1df42294f624781c7b0b6e07704464c545c

    Score
    10/10

    • Trickbot persistence files

      trojanbanker

    • trickbot family

      family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence
    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks