General

  • Target

    e9d808a162fe28e7c64e0acfe71b911d_JaffaCakes118

  • Size

    654KB

  • Sample

    240918-ydewyazgjl

  • MD5

    e9d808a162fe28e7c64e0acfe71b911d

  • SHA1

    2b8dffacd54196e882bc29bfd1dace121b619dd7

  • SHA256

    473254189c42ed4d695ab7d15131b6a5b70f300de93ee34028364feecf51850c

  • SHA512

    2aa641f1f4c27d0b220a3f49e69a4b07f11c4c0cb5e0b05ef2279cfdaf9186b6a8f42c73cfaa410572620874d2ffa63acbe0f87a43c4f86c7480fa4a2d2ca9a1

  • SSDEEP

    12288:aCldyxIA+zISba/LbjM8xFrztlSvnSucVM2V0aa3E0hfPr9dCeV:BxdbcbTxFrKnSucOpVV

Malware Config

Targets

    • Target

      e9d808a162fe28e7c64e0acfe71b911d_JaffaCakes118

    • Size

      654KB

    • MD5

      e9d808a162fe28e7c64e0acfe71b911d

    • SHA1

      2b8dffacd54196e882bc29bfd1dace121b619dd7

    • SHA256

      473254189c42ed4d695ab7d15131b6a5b70f300de93ee34028364feecf51850c

    • SHA512

      2aa641f1f4c27d0b220a3f49e69a4b07f11c4c0cb5e0b05ef2279cfdaf9186b6a8f42c73cfaa410572620874d2ffa63acbe0f87a43c4f86c7480fa4a2d2ca9a1

    • SSDEEP

      12288:aCldyxIA+zISba/LbjM8xFrztlSvnSucVM2V0aa3E0hfPr9dCeV:BxdbcbTxFrKnSucOpVV

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Trickbot

      TrickBot is a modular banking Trojan first observed in 2016.

    • Templ.dll packer

      Detects the Templ.dll packer, which is usually used to load TrickBot.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution.

    • Loads dropped DLL
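
Three of the behavioural signatures listed for this target (unexpected child process, registry country lookup, loads dropped DLL) can be reproduced as simple rules over a process/registry/file event trace. The block below is an added example written for this page, not the sandbox's own signature code; the parent-process sets, the registry key fragments and the sample trace are assumptions chosen for illustration, not observations from this report.

```python
"""Added example (not the sandbox's own signature code): a small rule pass over
a constructed event trace that reproduces three of the behavioural signatures
listed above.  Parent-process sets, registry key patterns and the sample trace
are assumptions chosen for illustration."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Event:
    kind: str                       # "process" | "registry" | "file_write" | "image_load"
    pid: int
    image: Optional[str] = None     # process: child image; image_load: loaded DLL
    parent: Optional[str] = None    # process: parent image name
    key: Optional[str] = None       # registry: full key path queried
    path: Optional[str] = None      # file_write: path written


# Document/mail parents that should not spawn script hosts or LOLBins
# (assumed list, not the sandbox's own).
MACRO_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
EXPECTED_CHILDREN = {"splwow64.exe", "werfault.exe"}  # benign children (assumed)

# Registry locations where Windows keeps locale/country configuration
# (assumed patterns for the "Checks computer location settings" signature).
GEO_KEY_FRAGMENTS = (
    r"control panel\international\geo",
    r"control\nls\language",
)


def unexpected_children(trace):
    """Flag a macro-capable parent launching anything outside its expected children."""
    hits = []
    for ev in trace:
        if ev.kind != "process" or not ev.parent or not ev.image:
            continue
        parent = ev.parent.lower()
        child = ev.image.rsplit("\\", 1)[-1].lower()
        if parent in MACRO_PARENTS and child not in EXPECTED_CHILDREN:
            hits.append(f"{parent} -> {child} (pid {ev.pid})")
    return hits


def geo_lookups(trace):
    """Return registry keys queried that carry country/locale configuration."""
    return [
        ev.key for ev in trace
        if ev.kind == "registry" and ev.key
        and any(frag in ev.key.lower() for frag in GEO_KEY_FRAGMENTS)
    ]


def dropped_dll_loads(trace):
    """A DLL counts as 'dropped' when an earlier file_write event in the same
    trace wrote the exact path that is later image-loaded."""
    written = set()
    hits = []
    for ev in trace:
        if ev.kind == "file_write" and ev.path:
            written.add(ev.path.lower())
        elif ev.kind == "image_load" and ev.image and ev.image.lower() in written:
            hits.append(ev.image)
    return hits


SIGNATURES = {
    "Process spawned unexpected child process": unexpected_children,
    "Checks computer location settings": geo_lookups,
    "Loads dropped DLL": dropped_dll_loads,
}


def run_signatures(trace):
    """Return {signature name: [evidence, ...]} for every signature that fired."""
    return {name: hits for name, fn in SIGNATURES.items() if (hits := fn(trace))}


# Constructed trace: a macro document launching a loader that drops and loads a
# DLL, then checks the configured country.  Not taken from the report above.
SAMPLE_TRACE = [
    Event("process", 1200, image=r"C:\Windows\System32\cmd.exe", parent="winword.exe"),
    Event("process", 1300, image=r"C:\Users\user\AppData\Local\Temp\loader.exe", parent="cmd.exe"),
    Event("file_write", 1300, path=r"C:\Users\user\AppData\Local\Temp\payload.dll"),
    Event("image_load", 1300, image=r"C:\Users\user\AppData\Local\Temp\payload.dll"),
    Event("image_load", 1300, image=r"C:\Windows\System32\kernel32.dll"),
    Event("registry", 1300, key=r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"),
    Event("process", 1400, image=r"C:\Windows\splwow64.exe", parent="winword.exe"),
]

if __name__ == "__main__":
    for name, evidence in run_signatures(SAMPLE_TRACE).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The "loads dropped DLL" rule keys on the exact written path reappearing in an image-load event; a real implementation would also want to match renamed or moved copies, which this toy version deliberately does not attempt.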

MITRE ATT&CK Enterprise v15

Tasks