General

  • Target

    54b5873aef008d4b738bfbe4d674d4f08126e2f72fa3337841a982fa98ff8d08

  • Size

    341KB

  • Sample

    220725-w5q26sebbp

  • MD5

    284eca5253a65e73b5c0d805b5b5cd0d

  • SHA1

    a20d7b7977ce7f6656e4adad96b9fe7f0d159341

  • SHA256

    54b5873aef008d4b738bfbe4d674d4f08126e2f72fa3337841a982fa98ff8d08

  • SHA512

    2ed464a40ead03bf94134976f69ef1e1ebadbb6f99c51cfd7001e9eaafb834d3d1e70e0ddfded116989977726fc3a1fa6b2f01ba2ca7efc3458b48a393959725

Score
10/10

Targets

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
