Overview

overview

10

Static

static

3

89c781b880...7N.exe

windows7-x64

10

89c781b880...7N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    89c781b880bc397884b03e877205616178e69584b12804296ec031c82547b0a7N

  • Size

    368KB

  • Sample

    241003-bpxjssxbkr

  • MD5

    07d1fbe8618e1d42bd735c58ffa20540

  • SHA1

    6ec8c8fe9c50609182e23b6056f9e8fb1198479f

  • SHA256

    89c781b880bc397884b03e877205616178e69584b12804296ec031c82547b0a7

  • SHA512

    dbed22a6351f6a004effd57f0807ab6fe8d131ad5bbd10f8ba4dc4193a33b9f50c27fed078da7536c5462c1c2ec3536aa60ad56118ac75be191e36394cd9aee5

  • SSDEEP

    6144:eo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4qb:emSuOcHmnYhrDMTrban4qb

Score
10/10
trickbotbankerdiscoveryevasionexecutiontrojan

Malware Config

Targets

    • Target

      89c781b880bc397884b03e877205616178e69584b12804296ec031c82547b0a7N

    • Size

      368KB

    • MD5

      07d1fbe8618e1d42bd735c58ffa20540

    • SHA1

      6ec8c8fe9c50609182e23b6056f9e8fb1198479f

    • SHA256

      89c781b880bc397884b03e877205616178e69584b12804296ec031c82547b0a7

    • SHA512

      dbed22a6351f6a004effd57f0807ab6fe8d131ad5bbd10f8ba4dc4193a33b9f50c27fed078da7536c5462c1c2ec3536aa60ad56118ac75be191e36394cd9aee5

    • SSDEEP

      6144:eo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4qb:emSuOcHmnYhrDMTrban4qb

    Score
    10/10
    trickbotbankerdiscoveryevasionexecutiontrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks