trickbot | 70c26692569194f464cbcd7adb9a1768eae8b691c05d31e40bbe256d026ab65e | Triage

Submit
Reports

Overview

overview

Static

static

1

b7cbc5e5dc...72.exe

windows7-x64

b7cbc5e5dc...72.exe

windows10-2004-x64

Sharing

General

Target

b7cbc5e5dc182c8d99809cd64d36734abeb6bfac15e6efc2ebcc2c57254bf172.zip
Size

192KB
Sample

230311-s9zckaca9z
MD5

31e82373659eefe1e92d2f37404c1274
SHA1

00465109c33e214d9530ecf83d3c33db04ecd420
SHA256

70c26692569194f464cbcd7adb9a1768eae8b691c05d31e40bbe256d026ab65e
SHA512

abe3e5b957184f0c895fcbbafc19ea0a5d941e4026125902f10b859eba25fa1c6ce7daed8855a1e34e1360fa9ff4b4fa3a7ba0e5b70f9f05e34352f8634c81e8
SSDEEP

3072:LRSSauA0NLnHJpr+F4EtHqx0Kg9QGPcLLzyAjkzQ1Ex+mI3+Ft0iXhvY0KJGWqus:LYiN3+OfIXefyk1EoF+7VKJGYpNLI3

Score

10^/10

trickbot banker evasion trojan

Static task

static1

Behavioral task

behavioral1

Sample

b7cbc5e5dc182c8d99809cd64d36734abeb6bfac15e6efc2ebcc2c57254bf172.exe

Resource

win7-20230220-en

trickbot banker evasion trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

b7cbc5e5dc182c8d99809cd64d36734abeb6bfac15e6efc2ebcc2c57254bf172.exe

Resource

win10v2004-20230220-en

trickbot banker trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  b7cbc5e5dc182c8d99809cd64d36734abeb6bfac15e6efc2ebcc2c57254bf172.exe
- Size
  
  368KB
- MD5
  
  8402ab33eafb84178069f8f490ca604d
- SHA1
  
  516c7a538e93f7cf4bff29196511f94e5fbb5a40
- SHA256
  
  b7cbc5e5dc182c8d99809cd64d36734abeb6bfac15e6efc2ebcc2c57254bf172
- SHA512
  
  ef0953826940f1eb6a596ed312d908b1e373e61972d8efbd2336425a7f13e6846c0f7341be2c78ac47c7786bacbe94336dcc51d0b270f8aaaa4842256da9ab97
- SSDEEP
  
  6144:jo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4qM:jmSuOcHmnYhrDMTrban4qM
Score

10^/10

trickbot banker evasion trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Stops running service(s)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

trickbotbankerevasiontrojan

behavioral2

trickbotbankertrojan

© 2018-2024

Terms | Privacy