General

  • Target

    d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77b

  • Size

    404KB

  • Sample

    240924-zyyp8avhpm

  • MD5

    6477d357280bc2ca8dfa4ff398da6062

  • SHA1

    712a6f520603094d7fe889d8f4957ce7ebfe1801

  • SHA256

    d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77b

  • SHA512

    dfd6d944be1a25fd7ca1b4636a620616979d0adf395d989ba0f30eb75f47885549fff9633377bf1e1cd9a215be194717e139ed96ed876b1593d25ae5bb590d3d

  • SSDEEP

    6144:IePkG7pFzb2dYC3nPbv4FNVmVeoFr9DZZtA9nO8ou6PmiDHu3JFoFtYUHGm4HJqB:IikGjzBC3bmrmRDXiDidHKjoLfHGm+O

Targets

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Dave packer

      Detects executables that use a packer the community has named 'Dave', based on a string at the end.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
