eb54385986e592ccfba2276d97f653a1bf9e14acf34176e823f5a8f2da3df1b5 | Triage

Sharing

General

Target

2eb72c4993a981c9480427c83338105bcd0d863d
Size

192KB
Sample

191018-m9ktjhnaq6
MD5

8dc7941b91e89b7bf9dfbb0fc091c85b
SHA1

2eb72c4993a981c9480427c83338105bcd0d863d
SHA256

eb54385986e592ccfba2276d97f653a1bf9e14acf34176e823f5a8f2da3df1b5
SHA512

a70ea80869dab4dc5ca02a023e9529ece57dd260fa80f5b91ed110ea8dce937771411eeea72e9c7688270a1a750b058700f71735d350d2626ef492fe8529d053

Score

10^/10

Malware Config

Targets

- Target
  
  2eb72c4993a981c9480427c83338105bcd0d863d
- Size
  
  192KB
- MD5
  
  8dc7941b91e89b7bf9dfbb0fc091c85b
- SHA1
  
  2eb72c4993a981c9480427c83338105bcd0d863d
- SHA256
  
  eb54385986e592ccfba2276d97f653a1bf9e14acf34176e823f5a8f2da3df1b5
- SHA512
  
  a70ea80869dab4dc5ca02a023e9529ece57dd260fa80f5b91ed110ea8dce937771411eeea72e9c7688270a1a750b058700f71735d350d2626ef492fe8529d053
Score

10^/10
- Trickbot persistence files
  trojan banker
- trickbot family
  family
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Checks system information in the registry (likely anti-VM)
- Modifies service
  persistence
task1 task2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

task1

task2