Overview

overview

10

Static

static

3

18b3ffabad...18.exe

windows7-x64

10

18b3ffabad...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    18b3ffabad9644d95e64cca21d2ba064_JaffaCakes118

  • Size

    443KB

  • Sample

    240505-wdfr5agd8w

  • MD5

    18b3ffabad9644d95e64cca21d2ba064

  • SHA1

    c00961850fb546176dc69cecf3ab0cf5598225f6

  • SHA256

    8458b8f86d423534a2c5e4e23aa033d8ae7824f9f0bf096e059b4d1236958851

  • SHA512

    f5a2f9eafef3a1e23c433ef6ee1bd02a8d8440b5086b443cf52b9fc1d2b91b57f657080ed57a1f6ff4a27da75b88d4f7a32a5a2b35860b85df265e35b3cdb35c

  • SSDEEP

    6144:Z6ohM6XPOgAtvl17gHp094WQaa4gL68sv/Abr:ZBhhPktvlFgH8OLA/

Score
10/10
trickbotbankerevasionexecutiontrojan

Malware Config

Targets

    • Target

      18b3ffabad9644d95e64cca21d2ba064_JaffaCakes118

    • Size

      443KB

    • MD5

      18b3ffabad9644d95e64cca21d2ba064

    • SHA1

      c00961850fb546176dc69cecf3ab0cf5598225f6

    • SHA256

      8458b8f86d423534a2c5e4e23aa033d8ae7824f9f0bf096e059b4d1236958851

    • SHA512

      f5a2f9eafef3a1e23c433ef6ee1bd02a8d8440b5086b443cf52b9fc1d2b91b57f657080ed57a1f6ff4a27da75b88d4f7a32a5a2b35860b85df265e35b3cdb35c

    • SSDEEP

      6144:Z6ohM6XPOgAtvl17gHp094WQaa4gL68sv/Abr:ZBhhPktvlFgH8OLA/

    Score
    10/10
    trickbotbankerevasionexecutiontrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks