trickbot | 50709a83b665c2d2286d16395a93034a9e1b518fcbf4767646cd33d6894e38b9 | Triage

Submit
Reports

Overview

overview

Static

static

3

eec2a5cc87...18.exe

windows7-x64

eec2a5cc87...18.exe

windows10-2004-x64

Sharing

General

Target

eec2a5cc875cd35d9334725f1a6f926c_JaffaCakes118
Size

252KB
Sample

240921-a7ldtaxclf
MD5

eec2a5cc875cd35d9334725f1a6f926c
SHA1

5ada78b6e5f667996a58246de1ad0453d6eff026
SHA256

50709a83b665c2d2286d16395a93034a9e1b518fcbf4767646cd33d6894e38b9
SHA512

f39f8fa9c31203a6fff5cf30f533c5c3ca8f68a9993f680131be6e3a843d61f609a455abb69686f7eba5cd96904908954c442743202920297a9649ff8c879126
SSDEEP

6144:tCYfPnqFymR5uadElSdEi32oto3PZ3SZmRSu3G:UYnnqQmnu8kvimotKPZCZ6Su3G

Score

10^/10

trickbot banker dave discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

eec2a5cc875cd35d9334725f1a6f926c_JaffaCakes118.exe

Resource

win7-20240708-en

trickbot banker dave discovery trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

eec2a5cc875cd35d9334725f1a6f926c_JaffaCakes118.exe

Resource

win10v2004-20240802-en

trickbot banker dave discovery trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  eec2a5cc875cd35d9334725f1a6f926c_JaffaCakes118
- Size
  
  252KB
- MD5
  
  eec2a5cc875cd35d9334725f1a6f926c
- SHA1
  
  5ada78b6e5f667996a58246de1ad0453d6eff026
- SHA256
  
  50709a83b665c2d2286d16395a93034a9e1b518fcbf4767646cd33d6894e38b9
- SHA512
  
  f39f8fa9c31203a6fff5cf30f533c5c3ca8f68a9993f680131be6e3a843d61f609a455abb69686f7eba5cd96904908954c442743202920297a9649ff8c879126
- SSDEEP
  
  6144:tCYfPnqFymR5uadElSdEi32oto3PZ3SZmRSu3G:UYnnqQmnu8kvimotKPZCZ6Su3G
Score

10^/10

trickbot banker dave discovery trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Dave packer
  Detects executable using a packer named 'Dave' by the community, based on a string at the end.
  dave
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

trickbotbankerdavediscoverytrojan

behavioral2

trickbotbankerdavediscoverytrojan

© 2018-2024

Terms | Privacy