trickbot | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

trickbot
Size

2.7MB
MD5

878c538a3acc666f96b74e987a3e579f
SHA1

abffed857f15d8a80e64aaf13667add9033c2aae
SHA256

38bda9baac921f012075d800e5a38f1f387c6c7b4956d1ce48296e759a73d09f
SHA512

3019872ba67859b3cd6df26367532df0ebfb40e502e33475794fe9624712b899c8ad292e3b2a3a2fa5823a3291756770c1334d3d1089f2b3e6acfc623d8bd5c7
SSDEEP

49152:VX7ae1GYF3BnfBtwz8c1o7klGuQSK+Z2472jUfwApyqsTAz6AGs0QsTKZHyVdiBp:jQ197lyqsTqTL2VTfUz

Score

N/A

Malware Config

Signatures

Files

trickbot
.dll windows x86

f3deb6209dc9c95daaecc9f849af840f

Code Sign

34:99:10:fc:e9:8a:6b:9f:46:fb:58:1f:bb:20:ee:ca
Certificate

Issuer

CN=Eldon Tyrell,1.2.840.113549.1.9.1=#0c1c656c646f6e2e747972656c6c40747972656c6c2d636f72702e636f6d

Not Before

30-03-2022 08:15

Not After

30-03-2023 08:35

Subject

CN=Eldon Tyrell,1.2.840.113549.1.9.1=#0c1c656c646f6e2e747972656c6c40747972656c6c2d636f72702e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b1:43:95:99:c3:2c:63:31:18:db:1b:81:c8:c1:4d:38:a9:58:0b:99:4e:fb:44:4c:b9:27:05:4c:b2:f8:06:bb
Signer

Actual PE Digest

b1:43:95:99:c3:2c:63:31:18:db:1b:81:c8:c1:4d:38:a9:58:0b:99:4e:fb:44:4c:b9:27:05:4c:b2:f8:06:bb

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Eldon Tyrell,1.2.840.113549.1.9.1=#0c1c656c646f6e2e747972656c6c40747972656c6c2d636f72702e636f6d

30-06-2022 15:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE

Imports

kernel32

GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
LCMapStringW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
LCMapStringA
GetProfileStringA
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetTimeZoneInformation
HeapSize
HeapReAlloc
GetACP
TerminateProcess
ExitProcess
RaiseException
HeapFree
GetCommandLineA
HeapAlloc
RtlUnwind
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentDirectoryA
SizeofResource
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetOEMCP
GetCPInfo
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalFree
LocalAlloc
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileSize
GetProcessVersion
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetVolumeInformationA
FindFirstFileA
FindClose
DeleteFileA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
DuplicateHandle
CloseHandle
GetModuleFileNameA
CreateProcessA
GlobalAlloc
GetCurrentThread
lstrcmpA
GlobalFree
SetLastError
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
FreeLibrary
FindResourceA
LoadResource
LockResource
GetCurrentThreadId
lstrcmpiA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcpyA
GlobalLock
GlobalUnlock
GlobalGetAtomNameA
GlobalAddAtomA
GetVersion
MulDiv
GetModuleHandleA
GetProcAddress
lstrlenA
MultiByteToWideChar
GetLastError
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetFullPathNameA
GetTempFileNameA
lstrcpynA
GetFileAttributesA
LoadLibraryW
GetCurrentProcess

user32

DefFrameProcA
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
RedrawWindow
IsZoomed
SetParent
IsRectEmpty
AppendMenuA
DeleteMenu
GetSystemMenu
CreateDialogIndirectParamA
EndDialog
PostQuitMessage
ShowOwnedPopups
ValidateRect
TranslateMessage
GetMessageA
CharUpperA
GetSysColorBrush
LoadStringA
GetClassNameA
FindWindowA
GetTabbedTextExtentA
InflateRect
GetDCEx
LockWindowUpdate
SetCapture
InvertRect
InsertMenuA
GetMenuStringA
DestroyIcon
ClientToScreen
WindowFromPoint
KillTimer
SetTimer
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
MapWindowPoints
DispatchMessageA
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
MessageBoxA
RegisterClassA
TrackPopupMenu
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
DestroyWindow
CreateWindowExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
GrayStringA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetLastActivePopup
BringWindowToTop
EqualRect
CopyRect
GetDlgItem
SetWindowLongA
SetWindowPos
GetMenuItemCount
GetMenuItemID
UnpackDDElParam
ReuseDDElParam
SetActiveWindow
WinHelpA
SetMenu
GetMenu
LoadIconA
GetClassInfoA
DestroyMenu
SetFocus
GetActiveWindow
ShowWindow
GetWindowLongA
IsWindow
GetDesktopWindow
GetWindow
IsWindowEnabled
GetCapture
ReleaseCapture
TranslateAcceleratorA
LoadAcceleratorsA
SetRectEmpty
RegisterWindowMessageA
GetDlgCtrlID
IsIconic
AdjustWindowRectEx
PeekMessageA
GetCursorPos
ScreenToClient
wsprintfA
InvalidateRect
PtInRect
FillRect
GetSysColor
SetRect
OffsetRect
EnableWindow
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
CharNextA
IsWindowUnicode
PostMessageA
EnumThreadWindows
GetSubMenu
IsChild
GetDC
ReleaseDC
ShowScrollBar
LoadCursorA
SetCursor
DestroyCursor
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
RemovePropA
GetWindowDC
GetParent
GetNextDlgTabItem
IsWindowVisible
UpdateWindow
SendMessageA
GetKeyState
GetClientRect
LoadMenuA
SetWindowsHookExA

gdi32

DeleteObject
GetCharWidthA
CreateFontA
CreateRectRgnIndirect
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SetTextAlign
GetCurrentPositionEx
CreateCompatibleBitmap
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
CreatePatternBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextExtentPoint32A
GetTextMetricsA
LPtoDP
GetBkColor
GetNearestColor
GetTextColor
GetStretchBltMode
GetPolyFillMode
GetTextAlign
GetBkMode
GetROP2
CreateFontIndirectA
GetTextFaceA
GetWindowOrgEx
SetRectRgn
CombineRgn
BitBlt
CreateCompatibleDC
SelectObject
StretchDIBits
GetObjectA
SetBkColor
SetTextColor
GetClipBox
DeleteDC
CreateDCA
SetAbortProc
StartDocA
StartPage
EndPage
EndDoc
AbortDoc
GetViewportOrgEx
CreatePen
DPtoLP
Rectangle
GetStockObject
PatBlt
GetDeviceCaps
CreateDIBitmap
GetTextExtentPointA
CreateBitmap

comdlg32

PrintDlgA
GetFileTitleA
CommDlgExtendedError
GetSaveFileNameA
GetOpenFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegDeleteValueA
GetFileSecurityA
RegQueryValueA
RegCloseKey
RegEnumKeyA
RegOpenKeyA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegSetValueA
RegCreateKeyA
SetFileSecurityA
RegSetValueExA
RegCreateKeyExA

shell32

SHGetFileInfoA
DragQueryFileA
DragFinish
ExtractIconA

comctl32

ord17

Exports

Exports

StartW

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 832KB - Virtual size: 829KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.debug$P
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3deb6209dc9c95daaecc9f849af840f

Code Sign

34:99:10:fc:e9:8a:6b:9f:46:fb:58:1f:bb:20:ee:caCertificate

Extended Key Usages

Key Usages

b1:43:95:99:c3:2c:63:31:18:db:1b:81:c8:c1:4d:38:a9:58:0b:99:4e:fb:44:4c:b9:27:05:4c:b2:f8:06:bbSigner

Signature Validations

Verification

30-06-2022 15:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

Exports

Exports

Sections

.text Size: 208KB - Virtual size: 207KB

.wixburn Size: 48KB - Virtual size: 46KB

.data Size: 8KB - Virtual size: 24KB

.rsrc Size: 248KB - Virtual size: 246KB

.reloc Size: 28KB - Virtual size: 26KB

.edata Size: 832KB - Virtual size: 829KB

.debug$P Size: 8KB - Virtual size: 7KB

34:99:10:fc:e9:8a:6b:9f:46:fb:58:1f:bb:20:ee:ca
Certificate

b1:43:95:99:c3:2c:63:31:18:db:1b:81:c8:c1:4d:38:a9:58:0b:99:4e:fb:44:4c:b9:27:05:4c:b2:f8:06:bb
Signer

30-06-2022 15:34
Valid: false

.text
Size: 208KB - Virtual size: 207KB

.wixburn
Size: 48KB - Virtual size: 46KB

.data
Size: 8KB - Virtual size: 24KB

.rsrc
Size: 248KB - Virtual size: 246KB

.reloc
Size: 28KB - Virtual size: 26KB

.edata
Size: 832KB - Virtual size: 829KB

.debug$P
Size: 8KB - Virtual size: 7KB