Overview

overview

10

Static

static

601c0982b6...65.exe

windows7-x64

10

601c0982b6...65.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    601c0982b6ec7bb295dc1ba9759c0862e26b91ea6fe1b59a3029f15bc276c165

  • Size

    365KB

  • Sample

    220731-hp67kadee4

  • MD5

    f29bc2a03740daf8e403b23c8d920cf7

  • SHA1

    ace92a37574960979f9ad6e8bff4cfb385590e3d

  • SHA256

    601c0982b6ec7bb295dc1ba9759c0862e26b91ea6fe1b59a3029f15bc276c165

  • SHA512

    2b92f6d33a2ef7d6131a6dad46a97bd81bace2525e3c453f354b37f7f4443c8149cf034f9ed26ae39aaa9af6510b0f36fe10c208eb86ec6e691fc189c93f0f44

Score
10/10
trickbotbankerevasiontrojan

Malware Config

Targets

    • Target

      601c0982b6ec7bb295dc1ba9759c0862e26b91ea6fe1b59a3029f15bc276c165

    • Size

      365KB

    • MD5

      f29bc2a03740daf8e403b23c8d920cf7

    • SHA1

      ace92a37574960979f9ad6e8bff4cfb385590e3d

    • SHA256

      601c0982b6ec7bb295dc1ba9759c0862e26b91ea6fe1b59a3029f15bc276c165

    • SHA512

      2b92f6d33a2ef7d6131a6dad46a97bd81bace2525e3c453f354b37f7f4443c8149cf034f9ed26ae39aaa9af6510b0f36fe10c208eb86ec6e691fc189c93f0f44

    Score
    10/10
    trickbotbankerevasiontrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Executes dropped EXE

    • Stops running service(s)

      evasion

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Impair Defenses

1
T1562

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

1
T1489

Tasks