Overview

overview

10

task1

 

10

task2

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fec98b8cdd890124ce5c203a64b38050f5459801

  • Size

    268KB

  • Sample

    191018-qj96et9cnj

  • MD5

    6fd21672246d86f4b0d2378ef7bd023b

  • SHA1

    fec98b8cdd890124ce5c203a64b38050f5459801

  • SHA256

    3a5773b76f24e640e21b1cb014c4ee6ebd2cbc05bc7f1c54be6a23aa323cfc45

  • SHA512

    0bcdd29c0ccce61fe0a7da3f2fdf1f589bd133974e941acf43e16063c347961b6f765aeec8b4a87aa4b4a17cacc0b62cf8fa61b59722fdbfa30efe09853b9752

Score
10/10

Malware Config

Targets

    • Target

      fec98b8cdd890124ce5c203a64b38050f5459801

    • Size

      268KB

    • MD5

      6fd21672246d86f4b0d2378ef7bd023b

    • SHA1

      fec98b8cdd890124ce5c203a64b38050f5459801

    • SHA256

      3a5773b76f24e640e21b1cb014c4ee6ebd2cbc05bc7f1c54be6a23aa323cfc45

    • SHA512

      0bcdd29c0ccce61fe0a7da3f2fdf1f589bd133974e941acf43e16063c347961b6f765aeec8b4a87aa4b4a17cacc0b62cf8fa61b59722fdbfa30efe09853b9752

    Score
    10/10

    • Trickbot persistence files

      trojanbanker

    • trickbot family

      family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence
    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks