trickbot | 6db102eed1f5db1be38c03badad077403233889ac7fa7b8fa717d5c69818da13 | Triage

Submit
Reports

Overview

overview

Static

static

3

6db102eed1...3N.exe

windows7-x64

6db102eed1...3N.exe

windows10-2004-x64

Sharing

General

Target

6db102eed1f5db1be38c03badad077403233889ac7fa7b8fa717d5c69818da13N
Size

368KB
Sample

240923-dnwbfsvelj
MD5

6452209126ede158ba01e86225835350
SHA1

16441c96e85e9d96353209ceb4b2a3970e067bcb
SHA256

6db102eed1f5db1be38c03badad077403233889ac7fa7b8fa717d5c69818da13
SHA512

f73b9a9514388c619fb6873f8c1695b7accc00bf0151c96b6507f704fdd7f816bbf3fccd1f53e24ff005d553e6de4e5e8a010cfd180aa6148f5fd117f6499827
SSDEEP

6144:eo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4qP:emSuOcHmnYhrDMTrban4qP

Score

10^/10

trickbot banker discovery evasion execution trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6db102eed1f5db1be38c03badad077403233889ac7fa7b8fa717d5c69818da13N.exe

Resource

win7-20240708-en

trickbot banker discovery evasion execution trojan

windows7-x64

13 signatures

120 seconds

Behavioral task

behavioral2

Sample

6db102eed1f5db1be38c03badad077403233889ac7fa7b8fa717d5c69818da13N.exe

Resource

win10v2004-20240802-en

trickbot banker discovery trojan

windows10-2004-x64

7 signatures

120 seconds

Malware Config

Targets

- Target
  
  6db102eed1f5db1be38c03badad077403233889ac7fa7b8fa717d5c69818da13N
- Size
  
  368KB
- MD5
  
  6452209126ede158ba01e86225835350
- SHA1
  
  16441c96e85e9d96353209ceb4b2a3970e067bcb
- SHA256
  
  6db102eed1f5db1be38c03badad077403233889ac7fa7b8fa717d5c69818da13
- SHA512
  
  f73b9a9514388c619fb6873f8c1695b7accc00bf0151c96b6507f704fdd7f816bbf3fccd1f53e24ff005d553e6de4e5e8a010cfd180aa6148f5fd117f6499827
- SSDEEP
  
  6144:eo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4qP:emSuOcHmnYhrDMTrban4qP
Score

10^/10

trickbot banker discovery evasion execution trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Loads dropped DLL
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

trickbotbankerdiscoveryevasionexecutiontrojan

behavioral2

trickbotbankerdiscoverytrojan

© 2018-2024

Terms | Privacy