trickbot | dd20506b3c65472d58ccc0a018cb67c65fab6718023fd4b16e148e64e69e5740 | Triage

Submit
Reports

Overview

overview

Static

static

dd20506b3c...40.exe

windows7-x64

dd20506b3c...40.exe

windows10-2004-x64

Sharing

General

Target

dd20506b3c65472d58ccc0a018cb67c65fab6718023fd4b16e148e64e69e5740
Size

484KB
Sample

230105-zpbt4adc52
MD5

545bfdc9b1976ae0003443ff4f90eb7e
SHA1

92e8ce006bb3c4a1ddb8d8ba8de3a90c0bbb6326
SHA256

dd20506b3c65472d58ccc0a018cb67c65fab6718023fd4b16e148e64e69e5740
SHA512

d932842447cdbfdc439908cd3885c321a62565d6941ec1fc0bbc9b9af40bccd6285c982447dc2b36d6c6fb8b8955c4dc19dc4eac3cd691113203e190e926676f
SSDEEP

6144:zk0Ip3PNVUaXMR7knvo62EYuWHWOQyojEHkXS6vhGQf9135F8u:z03PNVMooKHWHWnyojM6v1tEu

Score

10^/10

trickbot banker dave trojan

Static task

static1

Behavioral task

behavioral1

Sample

dd20506b3c65472d58ccc0a018cb67c65fab6718023fd4b16e148e64e69e5740.exe

Resource

win7-20220812-en

trickbot banker dave trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

dd20506b3c65472d58ccc0a018cb67c65fab6718023fd4b16e148e64e69e5740.exe

Resource

win10v2004-20220812-en

trickbot banker dave trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  dd20506b3c65472d58ccc0a018cb67c65fab6718023fd4b16e148e64e69e5740
- Size
  
  484KB
- MD5
  
  545bfdc9b1976ae0003443ff4f90eb7e
- SHA1
  
  92e8ce006bb3c4a1ddb8d8ba8de3a90c0bbb6326
- SHA256
  
  dd20506b3c65472d58ccc0a018cb67c65fab6718023fd4b16e148e64e69e5740
- SHA512
  
  d932842447cdbfdc439908cd3885c321a62565d6941ec1fc0bbc9b9af40bccd6285c982447dc2b36d6c6fb8b8955c4dc19dc4eac3cd691113203e190e926676f
- SSDEEP
  
  6144:zk0Ip3PNVUaXMR7knvo62EYuWHWOQyojEHkXS6vhGQf9135F8u:z03PNVMooKHWHWnyojM6v1tEu
Score

10^/10

trickbot banker dave trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Dave packer
  Detects executable using a packer named 'Dave' by the community, based on a string at the end.
  dave
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

trickbotbankerdavetrojan

behavioral2

trickbotbankerdavetrojan

© 2018-2024

Terms | Privacy