Overview

overview

10

task1

 

10

task2

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    36c09a576e35a70e5400c545c19f3ad5420e4c33

  • Size

    548KB

  • Sample

    191018-j1rn7h112e

  • MD5

    6baf0b5b86faf5a1cc6037d6ea492493

  • SHA1

    36c09a576e35a70e5400c545c19f3ad5420e4c33

  • SHA256

    541852f64b1d45aa7fd0cfb6b14eb67c709f6da3514803aef0a8c8409153ced7

  • SHA512

    3ff6515511901004f7a4741a84f0590ad028e552729f355e678eb9b0fe61aee5600984c78691aa1f64033a337766e9bb66afdf6f96967c577d969da327f8da5a

Score
10/10

Malware Config

Targets

    • Target

      36c09a576e35a70e5400c545c19f3ad5420e4c33

    • Size

      548KB

    • MD5

      6baf0b5b86faf5a1cc6037d6ea492493

    • SHA1

      36c09a576e35a70e5400c545c19f3ad5420e4c33

    • SHA256

      541852f64b1d45aa7fd0cfb6b14eb67c709f6da3514803aef0a8c8409153ced7

    • SHA512

      3ff6515511901004f7a4741a84f0590ad028e552729f355e678eb9b0fe61aee5600984c78691aa1f64033a337766e9bb66afdf6f96967c577d969da327f8da5a

    Score
    10/10

    • Trickbot persistence files

      trojanbanker

    • trickbot family

      family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence
    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks