trickbot | d2ed27f9234bf004e61a952f667c553092777e0fd2b760dc52f0d0e24ed04abd | Triage

Sharing

General

Target

9037592ea47a15eaa9db8875f734fea0_NEIKI
Size

786KB
Sample

240508-2421yafa25
MD5

9037592ea47a15eaa9db8875f734fea0
SHA1

a67a80af69b0e1ff5881e14ba50613beb8df3d16
SHA256

d2ed27f9234bf004e61a952f667c553092777e0fd2b760dc52f0d0e24ed04abd
SHA512

950b416ffd7f7f5dcee1e9ee506f20bd8e123c9c72d58ff6018ddfdbf35dfc1b53b5eda552829f50546b9549b3e7f6e9bc8c7b31e585ddae94cffe703d7d7a07
SSDEEP

12288:zJB0lh5aILwtFPCfmAUt3r4DwpRrKO1YYVhiiNdvrsymrac+:zQ5aILMCfmAUhrSO1YNWdvKraD

Score

10^/10

trickbot banker evasion execution trojan

Malware Config

Targets

- Target
  
  9037592ea47a15eaa9db8875f734fea0_NEIKI
- Size
  
  786KB
- MD5
  
  9037592ea47a15eaa9db8875f734fea0
- SHA1
  
  a67a80af69b0e1ff5881e14ba50613beb8df3d16
- SHA256
  
  d2ed27f9234bf004e61a952f667c553092777e0fd2b760dc52f0d0e24ed04abd
- SHA512
  
  950b416ffd7f7f5dcee1e9ee506f20bd8e123c9c72d58ff6018ddfdbf35dfc1b53b5eda552829f50546b9549b3e7f6e9bc8c7b31e585ddae94cffe703d7d7a07
- SSDEEP
  
  12288:zJB0lh5aILwtFPCfmAUt3r4DwpRrKO1YYVhiiNdvrsymrac+:zQ5aILMCfmAUhrSO1YNWdvKraD
Score

10^/10

trickbot banker evasion execution trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

trickbotbankerevasionexecutiontrojan

behavioral2

trickbotbankertrojan