Overview

overview

10

Static

static

e053947a18...ee.exe

windows7-x64

10

e053947a18...ee.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e053947a18a68631a4ef994942164414a319641bfb01185d6f55b317cbb128ee

  • Size

    350KB

  • Sample

    220731-f9gfjacahl

  • MD5

    02441573d362188574bb84b67032b83f

  • SHA1

    1a00c86f95c432810a173bbb4cb5e241282b0609

  • SHA256

    e053947a18a68631a4ef994942164414a319641bfb01185d6f55b317cbb128ee

  • SHA512

    8e2a397f89fde598a2b9afd7f0432dbd241179471e76240f6d37399f0e5bc7b812c0379b685493ec8c7cd669cc803af69136ce53da4e9374d9257abd2a613556

Score
10/10
trickbotbankertrojan

Malware Config

Targets

    • Target

      e053947a18a68631a4ef994942164414a319641bfb01185d6f55b317cbb128ee

    • Size

      350KB

    • MD5

      02441573d362188574bb84b67032b83f

    • SHA1

      1a00c86f95c432810a173bbb4cb5e241282b0609

    • SHA256

      e053947a18a68631a4ef994942164414a319641bfb01185d6f55b317cbb128ee

    • SHA512

      8e2a397f89fde598a2b9afd7f0432dbd241179471e76240f6d37399f0e5bc7b812c0379b685493ec8c7cd669cc803af69136ce53da4e9374d9257abd2a613556

    Score
    10/10
    trickbotbankertrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks