trickbot | 34f04a6643b34eed047f87c8a06a978005ca480471023874e1ab250a3d123240 | Triage

Sharing

General

Target

8b42883e8ae7314d61016f880859a890_NEIKI
Size

765KB
Sample

240508-2y9htscc4x
MD5

8b42883e8ae7314d61016f880859a890
SHA1

c4482154f007ebe4d89767873976a20ef742111e
SHA256

34f04a6643b34eed047f87c8a06a978005ca480471023874e1ab250a3d123240
SHA512

4dc1a8adc70f7d0acb53fcfa246a4012d9bcf3ec4d0d083bed3533cb328334b6d03d0bfb46382feade9cbd3c78c83e43fc15d144507889c6992d2866cb61caac
SSDEEP

12288:zJB0lh5aILwtFPCfmAUt3r4DwpRrKO1YYVhiiNdvrsymrLL:zQ5aILMCfmAUhrSO1YNWdvKr3

Score

10^/10

trickbot banker evasion execution trojan

Malware Config

Targets

- Target
  
  8b42883e8ae7314d61016f880859a890_NEIKI
- Size
  
  765KB
- MD5
  
  8b42883e8ae7314d61016f880859a890
- SHA1
  
  c4482154f007ebe4d89767873976a20ef742111e
- SHA256
  
  34f04a6643b34eed047f87c8a06a978005ca480471023874e1ab250a3d123240
- SHA512
  
  4dc1a8adc70f7d0acb53fcfa246a4012d9bcf3ec4d0d083bed3533cb328334b6d03d0bfb46382feade9cbd3c78c83e43fc15d144507889c6992d2866cb61caac
- SSDEEP
  
  12288:zJB0lh5aILwtFPCfmAUt3r4DwpRrKO1YYVhiiNdvrsymrLL:zQ5aILMCfmAUhrSO1YNWdvKr3
Score

10^/10

trickbot banker evasion execution trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

trickbotbankerevasionexecutiontrojan

behavioral2

trickbotbankertrojan