trickbot | 432b4cbcdfaafd525d07e05fc07149098103e34c3ee6d423d1596e5342725d94 | Triage

Submit
Reports

Overview

overview

Static

static

3

0f575c5c33...18.exe

windows7-x64

0f575c5c33...18.exe

windows10-2004-x64

Sharing

General

Target

0f575c5c33b03bfe52048b34260bf830_JaffaCakes118
Size

740KB
Sample

240503-bn4xgsde44
MD5

0f575c5c33b03bfe52048b34260bf830
SHA1

fedaafe20cef6373e2329496fb28255b3a16e720
SHA256

432b4cbcdfaafd525d07e05fc07149098103e34c3ee6d423d1596e5342725d94
SHA512

44372d1e7a43ed0868e6a0bf7caee3e3bee3224003acdbfc697891c22d0963e1ff49b8828170f95bd260e107f3b545d9d308dacd68dab93376ad7fbfcb687013
SSDEEP

12288:53X+nxll0T7S4d+XMk4Fy2QHAC35lduV89Sr3ZUYHEUjROzfDa05lzCMNJMP0iLD:RuxV4d+XMkCyLzldE89tYHvVO3aH0iLD

Score

10^/10

trickbot banker trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0f575c5c33b03bfe52048b34260bf830_JaffaCakes118.exe

Resource

win7-20240419-en

trickbot banker trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

0f575c5c33b03bfe52048b34260bf830_JaffaCakes118.exe

Resource

win10v2004-20240419-en

trickbot banker trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  0f575c5c33b03bfe52048b34260bf830_JaffaCakes118
- Size
  
  740KB
- MD5
  
  0f575c5c33b03bfe52048b34260bf830
- SHA1
  
  fedaafe20cef6373e2329496fb28255b3a16e720
- SHA256
  
  432b4cbcdfaafd525d07e05fc07149098103e34c3ee6d423d1596e5342725d94
- SHA512
  
  44372d1e7a43ed0868e6a0bf7caee3e3bee3224003acdbfc697891c22d0963e1ff49b8828170f95bd260e107f3b545d9d308dacd68dab93376ad7fbfcb687013
- SSDEEP
  
  12288:53X+nxll0T7S4d+XMk4Fy2QHAC35lduV89Sr3ZUYHEUjROzfDa05lzCMNJMP0iLD:RuxV4d+XMkCyLzldE89tYHvVO3aH0iLD
Score

10^/10

trickbot banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

trickbotbankertrojan

behavioral2

trickbotbankertrojan

© 2018-2024

Terms | Privacy