Overview

overview

10

Static

static

3

597d07a52d...89.exe

windows7-x64

10

597d07a52d...89.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    597d07a52d3db58398cc837c7f4dc3718a04a6a6458b0c660e69be53271ac689

  • Size

    368KB

  • Sample

    241115-19lepssngw

  • MD5

    46a0113f7cea77f9be316ca6a1a550c2

  • SHA1

    6bcd7891238b626cb64666a8e0c0a0128893a77b

  • SHA256

    597d07a52d3db58398cc837c7f4dc3718a04a6a6458b0c660e69be53271ac689

  • SHA512

    8991b850b99ab5e9da2e50782c345fb5ef3fa8ca1ff5ecdb91b883aee7e2b3f7c5e4a11a04d368309cacd017ee2df0000dc9b52ede959ded25a4e1613c32942a

  • SSDEEP

    6144:eo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4qA:emSuOcHmnYhrDMTrban4qA

Score
10/10
trickbotbankerdiscoveryevasionexecutiontrojan

Malware Config

Targets

    • Target

      597d07a52d3db58398cc837c7f4dc3718a04a6a6458b0c660e69be53271ac689

    • Size

      368KB

    • MD5

      46a0113f7cea77f9be316ca6a1a550c2

    • SHA1

      6bcd7891238b626cb64666a8e0c0a0128893a77b

    • SHA256

      597d07a52d3db58398cc837c7f4dc3718a04a6a6458b0c660e69be53271ac689

    • SHA512

      8991b850b99ab5e9da2e50782c345fb5ef3fa8ca1ff5ecdb91b883aee7e2b3f7c5e4a11a04d368309cacd017ee2df0000dc9b52ede959ded25a4e1613c32942a

    • SSDEEP

      6144:eo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4qA:emSuOcHmnYhrDMTrban4qA

    Score
    10/10
    trickbotbankerdiscoveryevasionexecutiontrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Trickbot family

      trickbot

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks