541852f64b1d45aa7fd0cfb6b14eb67c709f6da3514803aef0a8c8409153ced7 | Triage

Sharing

General

Target

36c09a576e35a70e5400c545c19f3ad5420e4c33
Size

548KB
Sample

191018-j1rn7h112e
MD5

6baf0b5b86faf5a1cc6037d6ea492493
SHA1

36c09a576e35a70e5400c545c19f3ad5420e4c33
SHA256

541852f64b1d45aa7fd0cfb6b14eb67c709f6da3514803aef0a8c8409153ced7
SHA512

3ff6515511901004f7a4741a84f0590ad028e552729f355e678eb9b0fe61aee5600984c78691aa1f64033a337766e9bb66afdf6f96967c577d969da327f8da5a

Score

10^/10

Malware Config

Targets

- Target
  
  36c09a576e35a70e5400c545c19f3ad5420e4c33
- Size
  
  548KB
- MD5
  
  6baf0b5b86faf5a1cc6037d6ea492493
- SHA1
  
  36c09a576e35a70e5400c545c19f3ad5420e4c33
- SHA256
  
  541852f64b1d45aa7fd0cfb6b14eb67c709f6da3514803aef0a8c8409153ced7
- SHA512
  
  3ff6515511901004f7a4741a84f0590ad028e552729f355e678eb9b0fe61aee5600984c78691aa1f64033a337766e9bb66afdf6f96967c577d969da327f8da5a
Score

10^/10
- Trickbot persistence files
  trojan banker
- trickbot family
  family
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks system information in the registry (likely anti-VM)
- Modifies service
  persistence
task1 task2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

task1

task2