trickbot | 74ce10a98786dbaeae3d3e78044ceb5372c4945047b97ccfd24542ccabee1bc8 | Triage

Sharing

General

Target

74ce10a98786dbaeae3d3e78044ceb5372c4945047b97ccfd24542ccabee1bc8
Size

682KB
Sample

240804-21r2katbqa
MD5

58237f2324ff0e454ab0a46e46a268cc
SHA1

2d5b5667a3c4cb5b2d09d4b91e50e4307cce3a9c
SHA256

74ce10a98786dbaeae3d3e78044ceb5372c4945047b97ccfd24542ccabee1bc8
SHA512

8d378dc80da653b2b4666cbf2a430a3aba5a5186bca7f088696d2501fa82e7dd8e9f15e2d90d1304c2db77e072abc1d315cb2075c36c6ef34379070dd1054d80
SSDEEP

12288:zJB0lh5aILwtFPCfmAUt3r4DwpRrKO1YYVhiiyMIi:zQ5aILMCfmAUhrSO1YNSIi

Score

10^/10

trickbot banker discovery evasion execution trojan

Malware Config

Targets

- Target
  
  74ce10a98786dbaeae3d3e78044ceb5372c4945047b97ccfd24542ccabee1bc8
- Size
  
  682KB
- MD5
  
  58237f2324ff0e454ab0a46e46a268cc
- SHA1
  
  2d5b5667a3c4cb5b2d09d4b91e50e4307cce3a9c
- SHA256
  
  74ce10a98786dbaeae3d3e78044ceb5372c4945047b97ccfd24542ccabee1bc8
- SHA512
  
  8d378dc80da653b2b4666cbf2a430a3aba5a5186bca7f088696d2501fa82e7dd8e9f15e2d90d1304c2db77e072abc1d315cb2075c36c6ef34379070dd1054d80
- SSDEEP
  
  12288:zJB0lh5aILwtFPCfmAUt3r4DwpRrKO1YYVhiiyMIi:zQ5aILMCfmAUhrSO1YNSIi
Score

10^/10

trickbot banker discovery evasion execution trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Loads dropped DLL
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

trickbotbankerdiscoveryevasionexecutiontrojan

behavioral2

trickbotbankerdiscoverytrojan