trickbot | 0923b78ac186b8160a285213a0aa3452254bb0bddccf2797062a0533c825c8f8 | Triage

Submit
Reports

Overview

overview

Static

static

3

a6ca9783cd...4e.exe

windows7-x64

a6ca9783cd...4e.exe

windows10-2004-x64

Sharing

General

Target

a6ca9783cd3726753c9b69a4ebc0cc0a5d603920efd6de723209e6aacbff064e.zip
Size

191KB
Sample

240711-tbkbestcnl
MD5

6e412177873e0bcfb1a436d7848153da
SHA1

143024db896bc560da213e36c2263293ce8adaa8
SHA256

0923b78ac186b8160a285213a0aa3452254bb0bddccf2797062a0533c825c8f8
SHA512

53a44d4ce1022dc8b5c12f091ca1f304d4189dd8b5c7bdf04bf740cd1431865f78abfefc7253f4dee12589bbabea8fb2589d28102a6a48badcdf04b9db9bd00c
SSDEEP

3072:AbNZz+liGlmNszPDtP3F8ZYKoRX/43UzbHcPaVGjdb9wxHHHu+FeHEnwbMa1W5mZ:AbNtoHl/PN32YHQkzb8Phx9wVnJcRwAZ

Score

10^/10

trickbot banker evasion execution trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a6ca9783cd3726753c9b69a4ebc0cc0a5d603920efd6de723209e6aacbff064e.exe

Resource

win7-20240708-en

trickbot banker evasion execution trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

a6ca9783cd3726753c9b69a4ebc0cc0a5d603920efd6de723209e6aacbff064e.exe

Resource

win10v2004-20240709-en

trickbot banker trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  a6ca9783cd3726753c9b69a4ebc0cc0a5d603920efd6de723209e6aacbff064e.exe
- Size
  
  368KB
- MD5
  
  47f1d885fac2c01cce8ba63245fc3f7c
- SHA1
  
  bf1c2aa2d3285f6632a10d56e65c0281032f7a0c
- SHA256
  
  a6ca9783cd3726753c9b69a4ebc0cc0a5d603920efd6de723209e6aacbff064e
- SHA512
  
  a3967d47ef3c9e4e4352055a5132ed4c8b1d4b5e4ce874a688eb780c1f213a36ff2a9ef44911a7c100af4f520c1003d0c07eb92aa73e551cf7d95a97f29a7719
- SSDEEP
  
  6144:Fo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4q6:FmSuOcHmnYhrDMTrban4q6
Score

10^/10

trickbot banker evasion execution trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Resource Development

Reconnaissance

Tasks

static1

behavioral1

trickbotbankerevasionexecutiontrojan

behavioral2

trickbotbankertrojan

© 2018-2024

Terms | Privacy