trickbot | 008ea5eb3a2b854165eb2fa53fe5f88e0de614a0dcc1bdb4dc27164c67cf06cc | Triage

Analysis

max time kernel
37s
max time network
44s
platform
windows7_x64
resource
win7-20220414-en
submitted
24-05-2022 13:24

Sharing

Report Analysis Logs

General

Target

008ea5eb3a2b854165eb2fa53fe5f88e0de614a0dcc1bdb4dc27164c67cf06cc.exe
Size

292KB
MD5

cffe42160ce75c168a74e4c16d6be45f
SHA1

f65cacbd305a8a62294519baf13fcf8b176a452f
SHA256

008ea5eb3a2b854165eb2fa53fe5f88e0de614a0dcc1bdb4dc27164c67cf06cc
SHA512

3c63568cfa9040ec539683a860821e9d42d54ee679077fbca7b2992f6cd2fa3c703c01f7c5aa5e9f0d0147ece4dba291f5bc24f3465bd364c3fc8e35baa3fc19

Score

10^/10

trickbot banker trojan

Malware Config

Signatures

Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
trojan banker trickbot

Trickbot x86 loader 2 IoCs

Detected Trickbot's x86 loader that unpacks the x86 payload.

Processes:

resource	yara_rule
behavioral1/memory/1532-56-0x00000000003C0000-0x00000000003EB000-memory.dmp	trickbot_loader32
behavioral1/memory/1532-59-0x00000000003C0000-0x00000000003EB000-memory.dmp	trickbot_loader32

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

008ea5eb3a2b854165eb2fa53fe5f88e0de614a0dcc1bdb4dc27164c67cf06cc.exe

pid process

1532 008ea5eb3a2b854165eb2fa53fe5f88e0de614a0dcc1bdb4dc27164c67cf06cc.exe

C:\Users\Admin\AppData\Local\Temp\008ea5eb3a2b854165eb2fa53fe5f88e0de614a0dcc1bdb4dc27164c67cf06cc.exe
"C:\Users\Admin\AppData\Local\Temp\008ea5eb3a2b854165eb2fa53fe5f88e0de614a0dcc1bdb4dc27164c67cf06cc.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1532

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1532-56-0x00000000003C0000-0x00000000003EB000-memory.dmp

Filesize
172KB

Download
memory/1532-58-0x0000000076241000-0x0000000076243000-memory.dmp

Filesize
8KB

Download
memory/1532-59-0x00000000003C0000-0x00000000003EB000-memory.dmp

Filesize
172KB

Download