1a99aa6e1384825cc743edcded40b73c73eea21e0d965c8ac38361291d6f7373 | Triage

Sharing

General

Target

ecf315df8321b5bee5395cff7add2206d385dab0
Size

428KB
Sample

191018-tgvqksr3x6
MD5

89bee1f7f5569db11cf80872726240a9
SHA1

ecf315df8321b5bee5395cff7add2206d385dab0
SHA256

1a99aa6e1384825cc743edcded40b73c73eea21e0d965c8ac38361291d6f7373
SHA512

6b834bf6e0f4b04d62c6fbfc87d56fadeda151ad3c9c5c44defc3a1c8b2ab9a342934d16056d5162cd133c498159217ce31666957586b43e3e134156d2e194ff

Score

10^/10

Malware Config

Targets

- Target
  
  ecf315df8321b5bee5395cff7add2206d385dab0
- Size
  
  428KB
- MD5
  
  89bee1f7f5569db11cf80872726240a9
- SHA1
  
  ecf315df8321b5bee5395cff7add2206d385dab0
- SHA256
  
  1a99aa6e1384825cc743edcded40b73c73eea21e0d965c8ac38361291d6f7373
- SHA512
  
  6b834bf6e0f4b04d62c6fbfc87d56fadeda151ad3c9c5c44defc3a1c8b2ab9a342934d16056d5162cd133c498159217ce31666957586b43e3e134156d2e194ff
Score

10^/10
- Trickbot persistence files
  trojan banker
- trickbot family
  family
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks system information in the registry (likely anti-VM)
- Modifies service
  persistence
task1 task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

task1

task2