Overview

overview

10

Static

static

6107260dd6...59.exe

windows7-x64

10

6107260dd6...59.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6107260dd663fec1471796aa6f5963847f2cba1fc7168d0a8d5a67242bf13059

  • Size

    792KB

  • Sample

    220730-2c8dmsbgep

  • MD5

    cf9b789f70aeeb8b1a921b3c7029c794

  • SHA1

    46b360e38719c9f61032f41141287ec774dde417

  • SHA256

    6107260dd663fec1471796aa6f5963847f2cba1fc7168d0a8d5a67242bf13059

  • SHA512

    99c45d97feac77082aebe76d2ab5d77a901b1b27f4a9b43b8a477a0f5e2673a13796212d53f9aa9524d6ac3315c630ed63d830bcc5a533a73dc8ff3b8150718c

Score
10/10
trickbotbankertrojan

Malware Config

Targets

    • Target

      6107260dd663fec1471796aa6f5963847f2cba1fc7168d0a8d5a67242bf13059

    • Size

      792KB

    • MD5

      cf9b789f70aeeb8b1a921b3c7029c794

    • SHA1

      46b360e38719c9f61032f41141287ec774dde417

    • SHA256

      6107260dd663fec1471796aa6f5963847f2cba1fc7168d0a8d5a67242bf13059

    • SHA512

      99c45d97feac77082aebe76d2ab5d77a901b1b27f4a9b43b8a477a0f5e2673a13796212d53f9aa9524d6ac3315c630ed63d830bcc5a533a73dc8ff3b8150718c

    Score
    10/10
    trickbotbankertrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks