trickbot | 54f7bfe1a0967f4c2f4582d2b3327809bd817a4a556245ad9ba9124404f4e079 | Triage

Submit
Reports

Overview

overview

Static

static

3

52e7d8bb9f...cs.exe

windows7-x64

52e7d8bb9f...cs.exe

windows10-2004-x64

Sharing

General

Target

52e7d8bb9f23beb33fbf502868016210_NeikiAnalytics.exe
Size

368KB
Sample

240607-nf8a6afc7y
MD5

52e7d8bb9f23beb33fbf502868016210
SHA1

8ba82dc7331cc1df8462d35917bde3320baa8db2
SHA256

54f7bfe1a0967f4c2f4582d2b3327809bd817a4a556245ad9ba9124404f4e079
SHA512

ae12695e127c46130e030a6acd7f3b4c09c031bed64e56cb689910b1a2b1e51d9aac9ff8addee74ab4e04babcca254b7752c9fda84a4123be20c3341f8d8a6c1
SSDEEP

6144:eo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4qh:emSuOcHmnYhrDMTrban4qh

Score

10^/10

trickbot banker evasion execution trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

52e7d8bb9f23beb33fbf502868016210_NeikiAnalytics.exe

Resource

win7-20240215-en

trickbot banker evasion execution trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

52e7d8bb9f23beb33fbf502868016210_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

trickbot banker trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  52e7d8bb9f23beb33fbf502868016210_NeikiAnalytics.exe
- Size
  
  368KB
- MD5
  
  52e7d8bb9f23beb33fbf502868016210
- SHA1
  
  8ba82dc7331cc1df8462d35917bde3320baa8db2
- SHA256
  
  54f7bfe1a0967f4c2f4582d2b3327809bd817a4a556245ad9ba9124404f4e079
- SHA512
  
  ae12695e127c46130e030a6acd7f3b4c09c031bed64e56cb689910b1a2b1e51d9aac9ff8addee74ab4e04babcca254b7752c9fda84a4123be20c3341f8d8a6c1
- SSDEEP
  
  6144:eo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4qh:emSuOcHmnYhrDMTrban4qh
Score

10^/10

trickbot banker evasion execution trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

trickbotbankerevasionexecutiontrojan

behavioral2

trickbotbankertrojan

© 2018-2024

Terms | Privacy