General

  • Target

    5e74cc530bf530ddc0e282e040341139499a679d161c615d3dbb80f63ba519c2

  • Size

    443KB

  • Sample

    220731-yzwftaeef2

  • MD5

    0e0c694b809e639d3e89d8d85b5e1b2d

  • SHA1

    95ae3dbca9ca15d3c1ef32d123472d172cf908c8

  • SHA256

    5e74cc530bf530ddc0e282e040341139499a679d161c615d3dbb80f63ba519c2

  • SHA512

    97628dc3d22ac14db1e315c841342dc83a7f4dbfb93b8389da46720f2134fca53b82440db4adbd6df62e7c4fd3860c2d3b4a816d6489be3dfb1d9be98491cb17

Malware Config

Targets

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Executes dropped EXE

    • Stops running service(s)

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Modify Existing Service (T1031): 1

  • Defense Evasion

    Impair Defenses (T1562): 1

  • Impact

    Service Stop (T1489): 1

Tasks