Overview

overview

10

Static

static

def23945ed...8a.exe

windows7-x64

10

def23945ed...8a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    def23945edd5c886e15be93a90595e1c7158e0c2fb23e8ff2c9b7d8b2a32b38a

  • Size

    728KB

  • Sample

    220724-sxahnshbbk

  • MD5

    95e1defac9e01e6e792cb794dadc16de

  • SHA1

    fb8482ed7e894743d34262299e0612b7b92c3159

  • SHA256

    def23945edd5c886e15be93a90595e1c7158e0c2fb23e8ff2c9b7d8b2a32b38a

  • SHA512

    bb4fd1f416da77ee51770c4cce9778652b1b7411f5d72af22b991842abb8cf5ba156c92263e55948c9ab92449602f9dc616792e1b8bce2a215948d6c8bf49965

Score
10/10
trickbotbankertrojan

Malware Config

Targets

    • Target

      def23945edd5c886e15be93a90595e1c7158e0c2fb23e8ff2c9b7d8b2a32b38a

    • Size

      728KB

    • MD5

      95e1defac9e01e6e792cb794dadc16de

    • SHA1

      fb8482ed7e894743d34262299e0612b7b92c3159

    • SHA256

      def23945edd5c886e15be93a90595e1c7158e0c2fb23e8ff2c9b7d8b2a32b38a

    • SHA512

      bb4fd1f416da77ee51770c4cce9778652b1b7411f5d72af22b991842abb8cf5ba156c92263e55948c9ab92449602f9dc616792e1b8bce2a215948d6c8bf49965

    Score
    10/10
    trickbotbankertrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks