Overview

overview

10

Static

static

3

2023042974...id.exe

windows7-x64

10

2023042974...id.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2023042974ca11821ceccc42af41d8beff60babcicedid

  • Size

    556KB

  • Sample

    230507-abjkcaae68

  • MD5

    74ca11821ceccc42af41d8beff60babc

  • SHA1

    0d60f4042e94dde2393c73b81759c9f3991fc50b

  • SHA256

    bf5b0cf1b9e8e5af758033e0dc40b773e8254933796f71ee80646714adb072b9

  • SHA512

    2d6c114b38057fd6a52c926a8f3d625ce28e8caa024fe18a5eb3b7dd55510913ccf1b46b8fca9caf8fb716a53c89526908516ccde95c3bc371380f118e69361e

  • SSDEEP

    12288:Zx1Q61iHsXYvfVpMODDawkCurdEtttYL0S4GB9:ZXQUIsQpMsequrmGL06v

Score
10/10
trickbotbankertrojan

Malware Config

Targets

    • Target

      2023042974ca11821ceccc42af41d8beff60babcicedid

    • Size

      556KB

    • MD5

      74ca11821ceccc42af41d8beff60babc

    • SHA1

      0d60f4042e94dde2393c73b81759c9f3991fc50b

    • SHA256

      bf5b0cf1b9e8e5af758033e0dc40b773e8254933796f71ee80646714adb072b9

    • SHA512

      2d6c114b38057fd6a52c926a8f3d625ce28e8caa024fe18a5eb3b7dd55510913ccf1b46b8fca9caf8fb716a53c89526908516ccde95c3bc371380f118e69361e

    • SSDEEP

      12288:Zx1Q61iHsXYvfVpMODDawkCurdEtttYL0S4GB9:ZXQUIsQpMsequrmGL06v

    Score
    10/10
    trickbotbankertrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks