trickbot | eb0311c06ad67251b11b8a69d4508c0851e900cbcda30aeeb87e14daef921396 | Triage

Submit
Reports

Overview

overview

Static

static

3

9fdea40a98...72.exe

windows7-x64

9fdea40a98...72.exe

windows10-2004-x64

Sharing

General

Target

eb0311c06ad67251b11b8a69d4508c0851e900cbcda30aeeb87e14daef921396
Size

389KB
Sample

240417-qcs36sgf54
MD5

3ad2f74eb72773512a754e219192421a
SHA1

821be62ba47021b05b188ced24ab19056662c470
SHA256

eb0311c06ad67251b11b8a69d4508c0851e900cbcda30aeeb87e14daef921396
SHA512

e1a04f2fb261dbc1e330e6ff0ca6d0f33633b7e952606294b7143db4f47d90b38575e0e279f22bd7d4b7636f6b68483d13a5b00a7a87e61bdf678bf92401d46b
SSDEEP

6144:NiRX9SX7Ah7kAhsq9whuJJhAeWvJnTqd8bpcyfNSQplwFIbc6gqmWfiwmlb/tz:NEXAX0bCIwmhAeWfNnpCFYlAMiwmZFz

Score

10^/10

trickbot banker trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9fdea40a9872a77335ae3b733a50f4d1e9f8eff193ae84e36fb7e5802c481f72.exe

Resource

win7-20240220-en

trickbot banker trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

9fdea40a9872a77335ae3b733a50f4d1e9f8eff193ae84e36fb7e5802c481f72.exe

Resource

win10v2004-20240226-en

trickbot banker trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  9fdea40a9872a77335ae3b733a50f4d1e9f8eff193ae84e36fb7e5802c481f72.exe
- Size
  
  550KB
- MD5
  
  0b375e6b7e44d7c8488c4227e9344197
- SHA1
  
  dd8753066efc055dea693f44627fd69c988dfc65
- SHA256
  
  9fdea40a9872a77335ae3b733a50f4d1e9f8eff193ae84e36fb7e5802c481f72
- SHA512
  
  1c0bab939e6c34b3b51853051a8b5e72ac47a896579dc705679293795461c5aa0e62bb2ff63deeabfbb5106732620506124ca208dd5978b72650a645eb23eca7
- SSDEEP
  
  12288:Zx1Q61iHsXYvfVpMODDawkCurdEtttYy7C62Vvyh7:ZXQUIsQpMsequrmGyiqh7
Score

10^/10

trickbot banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

trickbotbankertrojan

behavioral2

trickbotbankertrojan

© 2018-2024

Terms | Privacy