Overview

overview

10

task1

 

10

task2

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b70119e477f01a901a14a0378ced471f93cee7f6

  • Size

    868KB

  • Sample

    191018-n76fe2empj

  • MD5

    ad3c9ee7fd527d092715c4b6c3936e01

  • SHA1

    b70119e477f01a901a14a0378ced471f93cee7f6

  • SHA256

    bbef4b3dd5c38980d54261ecc4220545f428a71c3238893e12458b2608de2c9d

  • SHA512

    56f88b19aa458e857448c454b55d9ae1e1d0e38e212c69bb7e23868135b6c6bb5e95f15048607f1879e469d94c8f97770551b22af615d8578b3cb178348dcf35

Score
10/10

Malware Config

Targets

    • Target

      b70119e477f01a901a14a0378ced471f93cee7f6

    • Size

      868KB

    • MD5

      ad3c9ee7fd527d092715c4b6c3936e01

    • SHA1

      b70119e477f01a901a14a0378ced471f93cee7f6

    • SHA256

      bbef4b3dd5c38980d54261ecc4220545f428a71c3238893e12458b2608de2c9d

    • SHA512

      56f88b19aa458e857448c454b55d9ae1e1d0e38e212c69bb7e23868135b6c6bb5e95f15048607f1879e469d94c8f97770551b22af615d8578b3cb178348dcf35

    Score
    10/10

    • Trickbot persistence files

      trojanbanker

    • trickbot family

      family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence
    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks