trickbot | cfba11af8aae17a07edcc3e306dc11b9a9b5143b1d2bf265564d0219fcab9d17 | Triage

Submit
Reports

Overview

overview

Static

static

cfba11af8a...17.exe

windows7-x64

cfba11af8a...17.exe

windows10-2004-x64

Sharing

General

Target

cfba11af8aae17a07edcc3e306dc11b9a9b5143b1d2bf265564d0219fcab9d17
Size

274KB
Sample

220731-hn1cmaecgn
MD5

2d9a2aac9084a566348e4a8444d6345b
SHA1

d0dd7bc90451c152df1eb2267d0230bf31033cb8
SHA256

cfba11af8aae17a07edcc3e306dc11b9a9b5143b1d2bf265564d0219fcab9d17
SHA512

7ee637d6a42a97d1e88b02d7164e60ce0d2db55db2874821cfe5e61331cf1ab9a3b7113ce949c6bdc436b8273e450ab5ae97f914350e0f59b1baea0d3711f6b5

Score

10^/10

trickbot banker evasion trojan

Static task

static1

Behavioral task

behavioral1

Sample

cfba11af8aae17a07edcc3e306dc11b9a9b5143b1d2bf265564d0219fcab9d17.exe

Resource

win7-20220718-en

trickbot banker evasion trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

cfba11af8aae17a07edcc3e306dc11b9a9b5143b1d2bf265564d0219fcab9d17.exe

Resource

win10v2004-20220722-en

trickbot banker trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  cfba11af8aae17a07edcc3e306dc11b9a9b5143b1d2bf265564d0219fcab9d17
- Size
  
  274KB
- MD5
  
  2d9a2aac9084a566348e4a8444d6345b
- SHA1
  
  d0dd7bc90451c152df1eb2267d0230bf31033cb8
- SHA256
  
  cfba11af8aae17a07edcc3e306dc11b9a9b5143b1d2bf265564d0219fcab9d17
- SHA512
  
  7ee637d6a42a97d1e88b02d7164e60ce0d2db55db2874821cfe5e61331cf1ab9a3b7113ce949c6bdc436b8273e450ab5ae97f914350e0f59b1baea0d3711f6b5
Score

10^/10

trickbot banker evasion trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Executes dropped EXE
- Stops running service(s)
  evasion
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

trickbotbankerevasiontrojan

behavioral2

trickbotbankertrojan

© 2018-2024

Terms | Privacy