Overview

overview

10

Static

static

3

3800481c13...0N.exe

windows7-x64

10

3800481c13...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3800481c130c2671c5e4742cf6e99b00N.exe

  • Size

    368KB

  • Sample

    240813-h9pg9a1anf

  • MD5

    3800481c130c2671c5e4742cf6e99b00

  • SHA1

    e583eacb665803c63bf96c6924790f9bbed02449

  • SHA256

    2103e44868d587fe3247a09802318e062750471c94793cc56f537e60caf37b01

  • SHA512

    defb5666245d54f5557611b7c56d844191630f02571058c0e7ac35dbb62a47e4e5dcef9d171dbf9cf7c942279188351e3f15d32c6af90a558f71917a8e9657ff

  • SSDEEP

    6144:eo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4qp:emSuOcHmnYhrDMTrban4qp

Score
10/10
trickbotbankerdiscoveryevasionexecutiontrojan

Malware Config

Targets

    • Target

      3800481c130c2671c5e4742cf6e99b00N.exe

    • Size

      368KB

    • MD5

      3800481c130c2671c5e4742cf6e99b00

    • SHA1

      e583eacb665803c63bf96c6924790f9bbed02449

    • SHA256

      2103e44868d587fe3247a09802318e062750471c94793cc56f537e60caf37b01

    • SHA512

      defb5666245d54f5557611b7c56d844191630f02571058c0e7ac35dbb62a47e4e5dcef9d171dbf9cf7c942279188351e3f15d32c6af90a558f71917a8e9657ff

    • SSDEEP

      6144:eo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4qp:emSuOcHmnYhrDMTrban4qp

    Score
    10/10
    trickbotbankerdiscoveryevasionexecutiontrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks