Overview

overview

10

Static

static

3

df5215bdcb...0N.exe

windows7-x64

10

df5215bdcb...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    df5215bdcbdfaccab02351af4429c1e0N.exe

  • Size

    368KB

  • Sample

    240905-ezhp6stfqa

  • MD5

    df5215bdcbdfaccab02351af4429c1e0

  • SHA1

    fa4be0ebc366a12593ead91051f700e0e747159e

  • SHA256

    52663735bcdbfc92faf78d1c51e7447b9ee5e0d49db381a40a72b66c1e68c1f4

  • SHA512

    911190558b103c2daece159318dff2a788845e318d1ab4484e5890a9c258726fdc93919f79f3c1c05cedaf965abc36d38b50dbcd2775d281e2c27526e96795d4

  • SSDEEP

    6144:eo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4qQ:emSuOcHmnYhrDMTrban4qQ

Score
10/10
trickbotbankerdiscoveryevasionexecutiontrojan

Malware Config

Targets

    • Target

      df5215bdcbdfaccab02351af4429c1e0N.exe

    • Size

      368KB

    • MD5

      df5215bdcbdfaccab02351af4429c1e0

    • SHA1

      fa4be0ebc366a12593ead91051f700e0e747159e

    • SHA256

      52663735bcdbfc92faf78d1c51e7447b9ee5e0d49db381a40a72b66c1e68c1f4

    • SHA512

      911190558b103c2daece159318dff2a788845e318d1ab4484e5890a9c258726fdc93919f79f3c1c05cedaf965abc36d38b50dbcd2775d281e2c27526e96795d4

    • SSDEEP

      6144:eo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4qQ:emSuOcHmnYhrDMTrban4qQ

    Score
    10/10
    trickbotbankerdiscoveryevasionexecutiontrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks