trickbot | 6e1ef7c3b4a23c315aecda8bf42c9b66ae1dbe30bb9ef090218ca04bdfe0ff36 | Triage

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
31-07-2022 04:57

Sharing

Report Analysis Logs

General

Target

6e1ef7c3b4a23c315aecda8bf42c9b66ae1dbe30bb9ef090218ca04bdfe0ff36.exe
Size

300KB
MD5

639f6e849afdc63d6d94b9a60ff89625
SHA1

ef63247906ec06065effbfeb822ca90b5b26ae9e
SHA256

6e1ef7c3b4a23c315aecda8bf42c9b66ae1dbe30bb9ef090218ca04bdfe0ff36
SHA512

7630932c7d5f7a554e83b741e2120f29453ffe4f66fadbfc3e4c134c5eb6020b10fdf08bde8a92e958446417f682f3c504c03e3193ba6170308454e2e67d53e4

Score

10^/10

trickbot banker trojan

Malware Config

Signatures

Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
trojan banker trickbot

Trickbot x86 loader 3 IoCs

Detected Trickbot's x86 loader that unpacks the x86 payload.

Processes:

resource	yara_rule
behavioral2/memory/3508-130-0x0000000000650000-0x0000000000659000-memory.dmp	trickbot_loader32
behavioral2/memory/3508-132-0x0000000000640000-0x0000000000647000-memory.dmp	trickbot_loader32
behavioral2/memory/3508-133-0x0000000000651000-0x0000000000658000-memory.dmp	trickbot_loader32

C:\Users\Admin\AppData\Local\Temp\6e1ef7c3b4a23c315aecda8bf42c9b66ae1dbe30bb9ef090218ca04bdfe0ff36.exe
"C:\Users\Admin\AppData\Local\Temp\6e1ef7c3b4a23c315aecda8bf42c9b66ae1dbe30bb9ef090218ca04bdfe0ff36.exe"
1⤵
PID:3508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3508-130-0x0000000000650000-0x0000000000659000-memory.dmp

Filesize
36KB

Download
memory/3508-132-0x0000000000640000-0x0000000000647000-memory.dmp

Filesize
28KB

Download
memory/3508-133-0x0000000000651000-0x0000000000658000-memory.dmp

Filesize
28KB

Download