trickbot | 23db4d7b698ffeccbccfed9a3920e94a2cf3acb3e69edf1638a2eca688140737 | Triage

Submit
Reports

Overview

overview

Static

static

3

9fdea40a98...72.exe

windows7-x64

9fdea40a98...72.exe

windows10-2004-x64

Sharing

General

Target

23db4d7b698ffeccbccfed9a3920e94a2cf3acb3e69edf1638a2eca688140737
Size

389KB
Sample

240417-p9bpqahh3w
MD5

a70811ee656476e9deac755dd0dd88b8
SHA1

eebafba11d2408131bc6257bf202ae135a751a39
SHA256

23db4d7b698ffeccbccfed9a3920e94a2cf3acb3e69edf1638a2eca688140737
SHA512

aabca7a3a2c0e19e83ca6eb0616e3c4f78463e1a5ed1a22c982ed3f6fb677f3391ab87d7afc128392bb185c9aefc42daacc6ab633900cdd50052572c45523214
SSDEEP

6144:KGwB4Yo10M2YlYGPBqeLvmX+tIjjpaBo/lYxDXH68a3qMd+WbdGcGpPZAq:KGO4r17CGZB74kuAew687M4WbjGcq

Score

10^/10

trickbot banker trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9fdea40a9872a77335ae3b733a50f4d1e9f8eff193ae84e36fb7e5802c481f72.exe

Resource

win7-20240221-en

trickbot banker trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

9fdea40a9872a77335ae3b733a50f4d1e9f8eff193ae84e36fb7e5802c481f72.exe

Resource

win10v2004-20240226-en

trickbot banker trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  9fdea40a9872a77335ae3b733a50f4d1e9f8eff193ae84e36fb7e5802c481f72.exe
- Size
  
  550KB
- MD5
  
  0b375e6b7e44d7c8488c4227e9344197
- SHA1
  
  dd8753066efc055dea693f44627fd69c988dfc65
- SHA256
  
  9fdea40a9872a77335ae3b733a50f4d1e9f8eff193ae84e36fb7e5802c481f72
- SHA512
  
  1c0bab939e6c34b3b51853051a8b5e72ac47a896579dc705679293795461c5aa0e62bb2ff63deeabfbb5106732620506124ca208dd5978b72650a645eb23eca7
- SSDEEP
  
  12288:Zx1Q61iHsXYvfVpMODDawkCurdEtttYy7C62Vvyh7:ZXQUIsQpMsequrmGyiqh7
Score

10^/10

trickbot banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

trickbotbankertrojan

behavioral2

trickbotbankertrojan

© 2018-2024

Terms | Privacy