Overview

overview

10

Static

static

3

5abc67cd2e...2f.exe

windows7-x64

10

5abc67cd2e...2f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5abc67cd2ec2eaa9af10f9efe7f6d88606637849c19ee2d19850b0b0d5e2f82f

  • Size

    368KB

  • Sample

    240817-2naazs1flf

  • MD5

    bcdb79df76f81dcbb1206928da73f0bf

  • SHA1

    40d8a820a6497aeddd1dd1b86322ca83c6443e39

  • SHA256

    5abc67cd2ec2eaa9af10f9efe7f6d88606637849c19ee2d19850b0b0d5e2f82f

  • SHA512

    6811612303bc389b2e3f36edb1c77ee59973a6ad50778768597e1bab31fe38bf8b5bd7a38a3190199459762b136f05f8fe78c2d680d92efc203ebaa98def7814

  • SSDEEP

    6144:eo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4q5:emSuOcHmnYhrDMTrban4q5

Score
10/10
trickbotbankerdiscoveryevasionexecutiontrojan

Malware Config

Targets

    • Target

      5abc67cd2ec2eaa9af10f9efe7f6d88606637849c19ee2d19850b0b0d5e2f82f

    • Size

      368KB

    • MD5

      bcdb79df76f81dcbb1206928da73f0bf

    • SHA1

      40d8a820a6497aeddd1dd1b86322ca83c6443e39

    • SHA256

      5abc67cd2ec2eaa9af10f9efe7f6d88606637849c19ee2d19850b0b0d5e2f82f

    • SHA512

      6811612303bc389b2e3f36edb1c77ee59973a6ad50778768597e1bab31fe38bf8b5bd7a38a3190199459762b136f05f8fe78c2d680d92efc203ebaa98def7814

    • SSDEEP

      6144:eo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4q5:emSuOcHmnYhrDMTrban4q5

    Score
    10/10
    trickbotbankerdiscoveryevasionexecutiontrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks