52e472778acc393299cfcdfcec641895b464770da12c3d0cf2e4430201815241 | Triage

Sharing

General

Target

f0a6bef71d57feee7c036899edc337bc1fb69160
Size

360KB
Sample

191018-tfbpyxqage
MD5

8d1329c53ce1c98d83f58f9d76c10c44
SHA1

f0a6bef71d57feee7c036899edc337bc1fb69160
SHA256

52e472778acc393299cfcdfcec641895b464770da12c3d0cf2e4430201815241
SHA512

9527f0980545589c20400dc99f650dce74dbb1faf2097bb696e2f59f30051bbb4910290a60b43db818563f428698d31b3103739afb849138a4ffb4d682d2285c

Score

10^/10

Malware Config

Targets

- Target
  
  f0a6bef71d57feee7c036899edc337bc1fb69160
- Size
  
  360KB
- MD5
  
  8d1329c53ce1c98d83f58f9d76c10c44
- SHA1
  
  f0a6bef71d57feee7c036899edc337bc1fb69160
- SHA256
  
  52e472778acc393299cfcdfcec641895b464770da12c3d0cf2e4430201815241
- SHA512
  
  9527f0980545589c20400dc99f650dce74dbb1faf2097bb696e2f59f30051bbb4910290a60b43db818563f428698d31b3103739afb849138a4ffb4d682d2285c
Score

10^/10
- Trickbot persistence files
  trojan banker
- trickbot family
  family
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks system information in the registry (likely anti-VM)
- Modifies service
  persistence
task1 task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

task1

task2