trickbot | 332f79bcb0db2d1448dc2bb1d9385abcf35647f13fa6360343fc87b9d793a1af

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29-01-2023 17:44

Target

332f79bcb0db2d1448dc2bb1d9385abcf35647f13fa6360343fc87b9d793a1af.exe
Size

456KB
MD5

92a1c42ec74509a9adbf7fc75b883744
SHA1

503be973393e658c26398129787a76f1be78ed9d
SHA256

332f79bcb0db2d1448dc2bb1d9385abcf35647f13fa6360343fc87b9d793a1af
SHA512

e9b25c38d90423be639bd321330ff9115b1a9de2c5d276b487a9b7ed52aecd70ca7f0889ceb9ba9906b389caffff147231daf5010c919f99b9b71aa63bfa80f2
SSDEEP

6144:B0NHLXu06G10lVMuofe6FC5T+9GvoiOMhV1v5iulsUUg0GyRo/vAGhwd/K6786TQ:mFLXuhXVMuTVT+IQiO0V5blsJGyCMbGf

Score

10^/10

Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
trojan banker trickbot

Trickbot x86 loader 3 IoCs

Detected Trickbot's x86 loader that unpacks the x86 payload.

Processes:

resource	yara_rule
behavioral1/memory/1732-55-0x0000000000400000-0x0000000000469000-memory.dmp	trickbot_loader32
behavioral1/memory/1732-56-0x0000000000380000-0x00000000003AB000-memory.dmp	trickbot_loader32
behavioral1/memory/1732-57-0x0000000000380000-0x00000000003AB000-memory.dmp	trickbot_loader32

C:\Users\Admin\AppData\Local\Temp\332f79bcb0db2d1448dc2bb1d9385abcf35647f13fa6360343fc87b9d793a1af.exe
"C:\Users\Admin\AppData\Local\Temp\332f79bcb0db2d1448dc2bb1d9385abcf35647f13fa6360343fc87b9d793a1af.exe"
1⤵
PID:1732

memory/1732-54-0x0000000075711000-0x0000000075713000-memory.dmp

Filesize
8KB

Download
memory/1732-55-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/1732-56-0x0000000000380000-0x00000000003AB000-memory.dmp

Filesize
172KB

Download
memory/1732-57-0x0000000000380000-0x00000000003AB000-memory.dmp

Filesize
172KB

Download