trickbot | a5a25c1188421060139d0e1306ee64584c43f4831bccfc54288ceaee96697b81 | Triage

Submit
Reports

Overview

overview

Static

static

3

415e04eb34...1a.exe

windows7-x64

415e04eb34...1a.exe

windows10-2004-x64

Sharing

General

Target

a5a25c1188421060139d0e1306ee64584c43f4831bccfc54288ceaee96697b81
Size

439KB
Sample

240417-qxpaqabe4y
MD5

4d8a997af00ce034dc0314c7c6a19bb0
SHA1

32ed57781b3230f458c2ce4c1c38eb59be81dd01
SHA256

a5a25c1188421060139d0e1306ee64584c43f4831bccfc54288ceaee96697b81
SHA512

8ac925d8dc762815d24800da7e1bc96b930d54c267e52b00ee11aa9d93c5e003a5f802260be98da5f5183ed3993c984cf45559ebee294172ad68faaea57c17ab
SSDEEP

12288:Vkhk87Rynq2n53K4Td0l9czE4QxXrcuUd:Gh7knv56AImEFXrlUd

Score

10^/10

trickbot banker trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

415e04eb340f1b092288cbcc71295a2c95e864fc1bbfcd55d6e3f5aa67099b1a.exe

Resource

win7-20240215-en

trickbot banker trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

415e04eb340f1b092288cbcc71295a2c95e864fc1bbfcd55d6e3f5aa67099b1a.exe

Resource

win10v2004-20240412-en

trickbot banker trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  415e04eb340f1b092288cbcc71295a2c95e864fc1bbfcd55d6e3f5aa67099b1a.exe
- Size
  
  663KB
- MD5
  
  367b6a5c0e0e8ec68ea14a085b1d32b3
- SHA1
  
  d02f452d01660387fd78d40e9f2405c3e38c9668
- SHA256
  
  415e04eb340f1b092288cbcc71295a2c95e864fc1bbfcd55d6e3f5aa67099b1a
- SHA512
  
  6e07cd2dbbd729154b57afff569c9c9bc0e3cc23779698680c2f642cd9029fbe33a24222d9096599e8a54b43bc5eefe0b4590502093e0e35b9b769c67426d2d4
- SSDEEP
  
  12288:nO4BydKj3ACZfNFEnw6qJxs3UPwgDrZiI0OSnnox7Yu:OOyO3YnwFRPVXZf09nMD
Score

10^/10

trickbot banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

trickbotbankertrojan

behavioral2

trickbotbankertrojan

© 2018-2024

Terms | Privacy