Overview

overview

10

task1

 

10

task2

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2eb72c4993a981c9480427c83338105bcd0d863d

  • Size

    192KB

  • Sample

    191018-m9ktjhnaq6

  • MD5

    8dc7941b91e89b7bf9dfbb0fc091c85b

  • SHA1

    2eb72c4993a981c9480427c83338105bcd0d863d

  • SHA256

    eb54385986e592ccfba2276d97f653a1bf9e14acf34176e823f5a8f2da3df1b5

  • SHA512

    a70ea80869dab4dc5ca02a023e9529ece57dd260fa80f5b91ed110ea8dce937771411eeea72e9c7688270a1a750b058700f71735d350d2626ef492fe8529d053

Score
10/10

Malware Config

Targets

    • Target

      2eb72c4993a981c9480427c83338105bcd0d863d

    • Size

      192KB

    • MD5

      8dc7941b91e89b7bf9dfbb0fc091c85b

    • SHA1

      2eb72c4993a981c9480427c83338105bcd0d863d

    • SHA256

      eb54385986e592ccfba2276d97f653a1bf9e14acf34176e823f5a8f2da3df1b5

    • SHA512

      a70ea80869dab4dc5ca02a023e9529ece57dd260fa80f5b91ed110ea8dce937771411eeea72e9c7688270a1a750b058700f71735d350d2626ef492fe8529d053

    Score
    10/10

    • Trickbot persistence files

      trojanbanker

    • trickbot family

      family

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence
    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks