trickbot | 6e1ef7c3b4a23c315aecda8bf42c9b66ae1dbe30bb9ef090218ca04bdfe0ff36 | Triage

Analysis

max time kernel
146s
max time network
165s
platform
windows7_x64
resource
win7-20220718-en
resource tags

arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
submitted
31-07-2022 04:57

Sharing

Report Analysis Logs

General

Target

6e1ef7c3b4a23c315aecda8bf42c9b66ae1dbe30bb9ef090218ca04bdfe0ff36.exe
Size

300KB
MD5

639f6e849afdc63d6d94b9a60ff89625
SHA1

ef63247906ec06065effbfeb822ca90b5b26ae9e
SHA256

6e1ef7c3b4a23c315aecda8bf42c9b66ae1dbe30bb9ef090218ca04bdfe0ff36
SHA512

7630932c7d5f7a554e83b741e2120f29453ffe4f66fadbfc3e4c134c5eb6020b10fdf08bde8a92e958446417f682f3c504c03e3193ba6170308454e2e67d53e4

Score

10^/10

trickbot banker trojan

Malware Config

Signatures

Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
trojan banker trickbot

Trickbot x86 loader 3 IoCs

Detected Trickbot's x86 loader that unpacks the x86 payload.

Processes:

resource	yara_rule
behavioral1/memory/384-55-0x00000000001C0000-0x00000000001C9000-memory.dmp	trickbot_loader32
behavioral1/memory/384-57-0x00000000001B0000-0x00000000001B7000-memory.dmp	trickbot_loader32
behavioral1/memory/384-58-0x00000000001C1000-0x00000000001C8000-memory.dmp	trickbot_loader32

C:\Users\Admin\AppData\Local\Temp\6e1ef7c3b4a23c315aecda8bf42c9b66ae1dbe30bb9ef090218ca04bdfe0ff36.exe
"C:\Users\Admin\AppData\Local\Temp\6e1ef7c3b4a23c315aecda8bf42c9b66ae1dbe30bb9ef090218ca04bdfe0ff36.exe"
1⤵
PID:384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/384-54-0x0000000076291000-0x0000000076293000-memory.dmp

Filesize
8KB

Download
memory/384-55-0x00000000001C0000-0x00000000001C9000-memory.dmp

Filesize
36KB

Download
memory/384-57-0x00000000001B0000-0x00000000001B7000-memory.dmp

Filesize
28KB

Download
memory/384-58-0x00000000001C1000-0x00000000001C8000-memory.dmp

Filesize
28KB

Download