Overview

overview

10

Static

static

bbd0ca9719...f4.exe

windows7-x64

10

bbd0ca9719...f4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bbd0ca9719854ce438ece7149ceb554202df8740f48c82c2d720d3baa07617f4

  • Size

    600KB

  • Sample

    220731-g6gskaced6

  • MD5

    9505b9103683330e861ce6ed0ece0270

  • SHA1

    eefc9ac38568e0fa48c9d2db1ef352bd7918be7f

  • SHA256

    bbd0ca9719854ce438ece7149ceb554202df8740f48c82c2d720d3baa07617f4

  • SHA512

    cdbe548243055cfa5060f2734dd7066ca466ff1a5cf95350af85994d10804fc3385101762c3d08f9a999a5c352c86b1b0494da702b068204cc2214caf69c7696

Score
10/10
trickbotbankertrojan

Malware Config

Targets

    • Target

      bbd0ca9719854ce438ece7149ceb554202df8740f48c82c2d720d3baa07617f4

    • Size

      600KB

    • MD5

      9505b9103683330e861ce6ed0ece0270

    • SHA1

      eefc9ac38568e0fa48c9d2db1ef352bd7918be7f

    • SHA256

      bbd0ca9719854ce438ece7149ceb554202df8740f48c82c2d720d3baa07617f4

    • SHA512

      cdbe548243055cfa5060f2734dd7066ca466ff1a5cf95350af85994d10804fc3385101762c3d08f9a999a5c352c86b1b0494da702b068204cc2214caf69c7696

    Score
    10/10
    trickbotbankertrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks