Overview

overview

10

Static

static

3

31f92e937f...9N.exe

windows7-x64

10

31f92e937f...9N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    31f92e937fe43d57f28ea1e337f5b2c7f5681aa4082e5c039673f39fe78d16b9N

  • Size

    690KB

  • Sample

    240922-jltyhaydmm

  • MD5

    79ae01e5eef805e95de9f8de445e0970

  • SHA1

    d971be5391a387ef962644254cf64e25128285b2

  • SHA256

    31f92e937fe43d57f28ea1e337f5b2c7f5681aa4082e5c039673f39fe78d16b9

  • SHA512

    a35b7cf3841355d3283bcea01c2d368d821992e807df1fd5179f576d1034b38d13345b1d917dda598255e38bb206ecbd7700ef11ba84b67039319d3e667aa7cf

  • SSDEEP

    12288:zJB0lh5aILwtFPCfmAUt3r4DwpRrKO1YYVhiiSw9:zQ5aILMCfmAUhrSO1YNq9

Score
10/10
trickbotbankerdiscoveryevasionexecutiontrojan

Malware Config

Targets

    • Target

      31f92e937fe43d57f28ea1e337f5b2c7f5681aa4082e5c039673f39fe78d16b9N

    • Size

      690KB

    • MD5

      79ae01e5eef805e95de9f8de445e0970

    • SHA1

      d971be5391a387ef962644254cf64e25128285b2

    • SHA256

      31f92e937fe43d57f28ea1e337f5b2c7f5681aa4082e5c039673f39fe78d16b9

    • SHA512

      a35b7cf3841355d3283bcea01c2d368d821992e807df1fd5179f576d1034b38d13345b1d917dda598255e38bb206ecbd7700ef11ba84b67039319d3e667aa7cf

    • SSDEEP

      12288:zJB0lh5aILwtFPCfmAUt3r4DwpRrKO1YYVhiiSw9:zQ5aILMCfmAUhrSO1YNq9

    Score
    10/10
    trickbotbankerdiscoveryevasionexecutiontrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks