trickbot | 0983eb624effc643a11db3a17755ec83c5db588330a89aaea612e199d77d0c43 | Triage

Submit
Reports

Overview

overview

Static

static

f7d50ffb24...74.exe

windows7_x64

f7d50ffb24...74.exe

windows10_x64

Sharing

General

Target

f7d50ffb24b9a7802c4657e3dd871574.exe
Size

440KB
Sample

211021-wj6kqsbeak
MD5

f7d50ffb24b9a7802c4657e3dd871574
SHA1

1d2b0641ac09a198f71e2b0e8e48351a6fca6674
SHA256

0983eb624effc643a11db3a17755ec83c5db588330a89aaea612e199d77d0c43
SHA512

ef5de20e5dcd89e010835758a9fc300b25ea1245d7472cb3a492b58db6cf42dbabb999df39f0e9394e0f7517b23056166ca073203e9ca5b7feba7a74057c8b9b

Score

10^/10

trickbot banker evasion trojan

Static task

static1

Behavioral task

behavioral1

Sample

f7d50ffb24b9a7802c4657e3dd871574.exe

Resource

win7-en-20210920

trickbot banker evasion trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f7d50ffb24b9a7802c4657e3dd871574.exe

Resource

win10-en-20210920

trickbot banker evasion trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  f7d50ffb24b9a7802c4657e3dd871574.exe
- Size
  
  440KB
- MD5
  
  f7d50ffb24b9a7802c4657e3dd871574
- SHA1
  
  1d2b0641ac09a198f71e2b0e8e48351a6fca6674
- SHA256
  
  0983eb624effc643a11db3a17755ec83c5db588330a89aaea612e199d77d0c43
- SHA512
  
  ef5de20e5dcd89e010835758a9fc300b25ea1245d7472cb3a492b58db6cf42dbabb999df39f0e9394e0f7517b23056166ca073203e9ca5b7feba7a74057c8b9b
Score

10^/10

trickbot banker evasion trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

trickbotbankerevasiontrojan

behavioral2

trickbotbankerevasiontrojan

© 2018-2024

Terms | Privacy