Overview

overview

10

task1

 

10

task2

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    74e9f572b117ae54bbe6d3055332117071bc6e40

  • Size

    704KB

  • Sample

    191018-yl64kemqrx

  • MD5

    dc0a634187cde296ff3f3fb68c3d319b

  • SHA1

    74e9f572b117ae54bbe6d3055332117071bc6e40

  • SHA256

    2d460c1b74fa57a2480b44ea35f5ab583d6fb33736085cccb3e9449f1158f048

  • SHA512

    3dea84df90ca7464b5a0e5b847121741ddadd4482f18ad26d0f9b2d64780d75293be83814fa8450848bd0ba55d60c73224b6fcc6651dbf03c61b1b2e6c606585

Score
10/10

Malware Config

Targets

    • Target

      74e9f572b117ae54bbe6d3055332117071bc6e40

    • Size

      704KB

    • MD5

      dc0a634187cde296ff3f3fb68c3d319b

    • SHA1

      74e9f572b117ae54bbe6d3055332117071bc6e40

    • SHA256

      2d460c1b74fa57a2480b44ea35f5ab583d6fb33736085cccb3e9449f1158f048

    • SHA512

      3dea84df90ca7464b5a0e5b847121741ddadd4482f18ad26d0f9b2d64780d75293be83814fa8450848bd0ba55d60c73224b6fcc6651dbf03c61b1b2e6c606585

    Score
    10/10

    • Trickbot persistence files

      trojanbanker

    • trickbot family

      family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence
    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks