trickbot | 9e583f2351c0526cda822acb46434614ebd35e0b51ca9934173c28ed382552ce | Triage

Submit
Reports

Overview

overview

Static

static

3

f034a55a2d...18.exe

windows7-x64

f034a55a2d...18.exe

windows10-2004-x64

Sharing

General

Target

f034a55a2d40dd511f13efcf714406ca_JaffaCakes118
Size

624KB
Sample

240921-t46p5ascka
MD5

f034a55a2d40dd511f13efcf714406ca
SHA1

be807d17a249ab8a37f3ce3f88cc4d8737be5efe
SHA256

9e583f2351c0526cda822acb46434614ebd35e0b51ca9934173c28ed382552ce
SHA512

151557b53d587414d8275d0377030e3b127bd55720ea6e71a40e411c0713baea3f43fdd5c19fd54f4b96bbcb2f1a9acd2d527645db712908291be71bfed22596
SSDEEP

12288:CWqwSRyqOKNfqC4bHQ5cmUcuSFzRMWCvEHk08AqDha:OyqOUiC4bHJmJu8zJkqq

Score

10^/10

trickbot banker dave discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f034a55a2d40dd511f13efcf714406ca_JaffaCakes118.exe

Resource

win7-20240903-en

trickbot banker dave discovery trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

f034a55a2d40dd511f13efcf714406ca_JaffaCakes118.exe

Resource

win10v2004-20240802-en

trickbot banker dave discovery trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  f034a55a2d40dd511f13efcf714406ca_JaffaCakes118
- Size
  
  624KB
- MD5
  
  f034a55a2d40dd511f13efcf714406ca
- SHA1
  
  be807d17a249ab8a37f3ce3f88cc4d8737be5efe
- SHA256
  
  9e583f2351c0526cda822acb46434614ebd35e0b51ca9934173c28ed382552ce
- SHA512
  
  151557b53d587414d8275d0377030e3b127bd55720ea6e71a40e411c0713baea3f43fdd5c19fd54f4b96bbcb2f1a9acd2d527645db712908291be71bfed22596
- SSDEEP
  
  12288:CWqwSRyqOKNfqC4bHQ5cmUcuSFzRMWCvEHk08AqDha:OyqOUiC4bHJmJu8zJkqq
Score

10^/10

trickbot banker dave discovery trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Dave packer
  Detects executable using a packer named 'Dave' by the community, based on a string at the end.
  dave
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

trickbotbankerdavediscoverytrojan

behavioral2

trickbotbankerdavediscoverytrojan

© 2018-2024

Terms | Privacy