2d460c1b74fa57a2480b44ea35f5ab583d6fb33736085cccb3e9449f1158f048 | Triage

Sharing

General

Target

74e9f572b117ae54bbe6d3055332117071bc6e40
Size

704KB
Sample

191018-yl64kemqrx
MD5

dc0a634187cde296ff3f3fb68c3d319b
SHA1

74e9f572b117ae54bbe6d3055332117071bc6e40
SHA256

2d460c1b74fa57a2480b44ea35f5ab583d6fb33736085cccb3e9449f1158f048
SHA512

3dea84df90ca7464b5a0e5b847121741ddadd4482f18ad26d0f9b2d64780d75293be83814fa8450848bd0ba55d60c73224b6fcc6651dbf03c61b1b2e6c606585

Score

10^/10

Malware Config

Targets

- Target
  
  74e9f572b117ae54bbe6d3055332117071bc6e40
- Size
  
  704KB
- MD5
  
  dc0a634187cde296ff3f3fb68c3d319b
- SHA1
  
  74e9f572b117ae54bbe6d3055332117071bc6e40
- SHA256
  
  2d460c1b74fa57a2480b44ea35f5ab583d6fb33736085cccb3e9449f1158f048
- SHA512
  
  3dea84df90ca7464b5a0e5b847121741ddadd4482f18ad26d0f9b2d64780d75293be83814fa8450848bd0ba55d60c73224b6fcc6651dbf03c61b1b2e6c606585
Score

10^/10
- Trickbot persistence files
  trojan banker
- trickbot family
  family
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks system information in the registry (likely anti-VM)
- Modifies service
  persistence
task1 task2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

task1

task2