Overview

overview

10

Static

static

3

e942e1be0d...0N.exe

windows7-x64

10

e942e1be0d...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e942e1be0d6e30d7ebe60ca85a0b6590N.exe

  • Size

    368KB

  • Sample

    240804-lj4e9swfne

  • MD5

    e942e1be0d6e30d7ebe60ca85a0b6590

  • SHA1

    d072e0416a376226230e550acded01200a03d935

  • SHA256

    281c93612260e9df8b08adc72d0a4581e282ec70318efe3426ea952f06c8d694

  • SHA512

    9024ddc6e4eb3ff3d56fe99a27108c0b139bc3a190094726127290e236367bea76040386799030f67d713a65557fed81118c9be0a80de9f003604d03314e66b8

  • SSDEEP

    6144:eo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4qG:emSuOcHmnYhrDMTrban4qG

Score
10/10
trickbotbankerdiscoveryevasionexecutiontrojan

Malware Config

Targets

    • Target

      e942e1be0d6e30d7ebe60ca85a0b6590N.exe

    • Size

      368KB

    • MD5

      e942e1be0d6e30d7ebe60ca85a0b6590

    • SHA1

      d072e0416a376226230e550acded01200a03d935

    • SHA256

      281c93612260e9df8b08adc72d0a4581e282ec70318efe3426ea952f06c8d694

    • SHA512

      9024ddc6e4eb3ff3d56fe99a27108c0b139bc3a190094726127290e236367bea76040386799030f67d713a65557fed81118c9be0a80de9f003604d03314e66b8

    • SSDEEP

      6144:eo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4qG:emSuOcHmnYhrDMTrban4qG

    Score
    10/10
    trickbotbankerdiscoveryevasionexecutiontrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks