Overview

overview

10

Static

static

3

b6a248932b...8N.exe

windows7-x64

10

b6a248932b...8N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b6a248932bdad05c21b2f940bd1aef0ba1d4e866c0f6f7d8b2fd2a30a2724f48N

  • Size

    368KB

  • Sample

    240928-pmm48syckc

  • MD5

    a521b03af94451e2386e0c2033d82870

  • SHA1

    2d34af6a73c3584506ba49171f47fd69f2d23ca1

  • SHA256

    b6a248932bdad05c21b2f940bd1aef0ba1d4e866c0f6f7d8b2fd2a30a2724f48

  • SHA512

    dfc22c79a5888e5095566e81faf6903f54c9e995e8d2aa3018416273bbcf13dbe8bc5cda7c6135933a1992097fc07938eeaea427093a82d64d74551c4cbf323c

  • SSDEEP

    6144:eo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4qF:emSuOcHmnYhrDMTrban4qF

Score
10/10
trickbotbankerdiscoveryevasionexecutiontrojan

Malware Config

Targets

    • Target

      b6a248932bdad05c21b2f940bd1aef0ba1d4e866c0f6f7d8b2fd2a30a2724f48N

    • Size

      368KB

    • MD5

      a521b03af94451e2386e0c2033d82870

    • SHA1

      2d34af6a73c3584506ba49171f47fd69f2d23ca1

    • SHA256

      b6a248932bdad05c21b2f940bd1aef0ba1d4e866c0f6f7d8b2fd2a30a2724f48

    • SHA512

      dfc22c79a5888e5095566e81faf6903f54c9e995e8d2aa3018416273bbcf13dbe8bc5cda7c6135933a1992097fc07938eeaea427093a82d64d74551c4cbf323c

    • SSDEEP

      6144:eo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4qF:emSuOcHmnYhrDMTrban4qF

    Score
    10/10
    trickbotbankerdiscoveryevasionexecutiontrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks