trickbot | 1f80cb0b28f49ef4ae993b4e762dc99481980259c69b533a85a7756af215fa3f | Triage

Submit
Reports

Overview

overview

Static

static

3

60be89cfce...18.exe

windows7-x64

60be89cfce...18.exe

windows10-2004-x64

Sharing

General

Target

60be89cfcec7b0f485bba11b53df8d4c_JaffaCakes118
Size

273KB
Sample

240520-xyrkssdd83
MD5

60be89cfcec7b0f485bba11b53df8d4c
SHA1

dbbd2a2dc60a55441e9c08cd78e710029da3eac7
SHA256

1f80cb0b28f49ef4ae993b4e762dc99481980259c69b533a85a7756af215fa3f
SHA512

61d817555c032af01881022e0f6a87f6548ec2771689c980b810e7fae184ce0efe444d6c537de11e3735f6a810252afae434d99387c84a7d03373abb668249dc
SSDEEP

6144:qAe7p8fXlw+Ne92McccntNLpdy70/TT3GkO:qAe98fV1Ne92v5t/Oh

Score

10^/10

trickbot banker evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

60be89cfcec7b0f485bba11b53df8d4c_JaffaCakes118.exe

Resource

win7-20240419-en

trickbot banker evasion trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

60be89cfcec7b0f485bba11b53df8d4c_JaffaCakes118.exe

Resource

win10v2004-20240508-en

trickbot banker trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  60be89cfcec7b0f485bba11b53df8d4c_JaffaCakes118
- Size
  
  273KB
- MD5
  
  60be89cfcec7b0f485bba11b53df8d4c
- SHA1
  
  dbbd2a2dc60a55441e9c08cd78e710029da3eac7
- SHA256
  
  1f80cb0b28f49ef4ae993b4e762dc99481980259c69b533a85a7756af215fa3f
- SHA512
  
  61d817555c032af01881022e0f6a87f6548ec2771689c980b810e7fae184ce0efe444d6c537de11e3735f6a810252afae434d99387c84a7d03373abb668249dc
- SSDEEP
  
  6144:qAe7p8fXlw+Ne92McccntNLpdy70/TT3GkO:qAe98fV1Ne92v5t/Oh
Score

10^/10

trickbot banker evasion trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

trickbotbankerevasiontrojan

behavioral2

trickbotbankertrojan

© 2018-2024

Terms | Privacy