General

  • Target

    4c828e6887c195250b3ac3b702bf61ac_JaffaCakes118

  • Size

    384KB

  • Sample

    240516-xb94maae88

  • MD5

    4c828e6887c195250b3ac3b702bf61ac

  • SHA1

    1a638b7c5cc88945c44668d59849cbb0eee6463b

  • SHA256

    e30f1ea0b6e3b7fa083270a1de65103b54ee7c78049282ae17060435dfbee051

  • SHA512

    6a43339f3a5fd1128e4f0a7324d6325f1cdc02c34c061def837c473df16c774798d62ec9b44b7d40a2a61500e772fc3755fa0fa20cbf9c32eb3ffbdf116b5609

  • SSDEEP

    6144:3XR8wObqRyN8tc7rmr4vkU4FWJkcby0I8IdUZTm+m9PG9+BeDHGFm:3BQKc7rUEyWdI8ISlCBIIm

Targets

    • Target

      4c828e6887c195250b3ac3b702bf61ac_JaffaCakes118

    • Size

      384KB

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
