trickbot | 6c60b3c7f78328a56feda777b42491357ecc3c867c5decaee091df9e5238fb7f | Triage

Submit
Reports

Overview

overview

Static

static

6c60b3c7f7...7f.exe

windows7-x64

6c60b3c7f7...7f.exe

windows10-2004-x64

Sharing

General

Target

6c60b3c7f78328a56feda777b42491357ecc3c867c5decaee091df9e5238fb7f
Size

473KB
Sample

221130-sb4jmadc9x
MD5

87bc1902b89ac09e8904fb77f997bf02
SHA1

7f193a3ca6f3e20e005d1890ccc30197ef5df1e0
SHA256

6c60b3c7f78328a56feda777b42491357ecc3c867c5decaee091df9e5238fb7f
SHA512

8fa91c61513b80fcb67ecc1640359db4c481013346f7ced0d79afa08bbd5621282f57e29fd8014e7f2f651cda68705874a2e22e9340d77bf7c77b531cb86fb8e
SSDEEP

6144:JnXOFxDkS6WtG6gGUgy9ZWHhnP9Ba5CfZomKKg7+uTAVg9EVJ0BVKvh82CYBuBNk:JRS6Wefq9Ba5oO7TUUk

Score

10^/10

trickbot banker evasion trojan

Static task

static1

Behavioral task

behavioral1

Sample

6c60b3c7f78328a56feda777b42491357ecc3c867c5decaee091df9e5238fb7f.exe

Resource

win7-20220812-en

trickbot banker evasion trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

6c60b3c7f78328a56feda777b42491357ecc3c867c5decaee091df9e5238fb7f.exe

Resource

win10v2004-20221111-en

trickbot banker evasion trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  6c60b3c7f78328a56feda777b42491357ecc3c867c5decaee091df9e5238fb7f
- Size
  
  473KB
- MD5
  
  87bc1902b89ac09e8904fb77f997bf02
- SHA1
  
  7f193a3ca6f3e20e005d1890ccc30197ef5df1e0
- SHA256
  
  6c60b3c7f78328a56feda777b42491357ecc3c867c5decaee091df9e5238fb7f
- SHA512
  
  8fa91c61513b80fcb67ecc1640359db4c481013346f7ced0d79afa08bbd5621282f57e29fd8014e7f2f651cda68705874a2e22e9340d77bf7c77b531cb86fb8e
- SSDEEP
  
  6144:JnXOFxDkS6WtG6gGUgy9ZWHhnP9Ba5CfZomKKg7+uTAVg9EVJ0BVKvh82CYBuBNk:JRS6Wefq9Ba5oO7TUUk
Score

10^/10

trickbot banker evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Executes dropped EXE
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

trickbotbankerevasiontrojan

behavioral2

trickbotbankerevasiontrojan

© 2018-2024

Terms | Privacy