Overview

overview

10

Static

static

3

89b794bc50...8N.exe

windows7-x64

10

89b794bc50...8N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    89b794bc50353c214039d8195fbf2e353ed7a50b6a8e103666f7151f137fde88N.exe

  • Size

    368KB

  • Sample

    241119-fnqgbazqgy

  • MD5

    42cf0113caf4a1f23b6eb382cb885510

  • SHA1

    cce07b6527d101d27eeb1b4c878197185a2ed08f

  • SHA256

    89b794bc50353c214039d8195fbf2e353ed7a50b6a8e103666f7151f137fde88

  • SHA512

    d7f1f792240c50009851970d07aae23004c9b57d55a65a1e649ce44af789f593644358fbbfe351b3bfb013b83d4749057be62c65cf4a438d5eb723efbe58633a

  • SSDEEP

    6144:eo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4q2:emSuOcHmnYhrDMTrban4q2

Score
10/10
trickbotbankerdiscoveryevasionexecutiontrojan

Malware Config

Targets

    • Target

      89b794bc50353c214039d8195fbf2e353ed7a50b6a8e103666f7151f137fde88N.exe

    • Size

      368KB

    • MD5

      42cf0113caf4a1f23b6eb382cb885510

    • SHA1

      cce07b6527d101d27eeb1b4c878197185a2ed08f

    • SHA256

      89b794bc50353c214039d8195fbf2e353ed7a50b6a8e103666f7151f137fde88

    • SHA512

      d7f1f792240c50009851970d07aae23004c9b57d55a65a1e649ce44af789f593644358fbbfe351b3bfb013b83d4749057be62c65cf4a438d5eb723efbe58633a

    • SSDEEP

      6144:eo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4q2:emSuOcHmnYhrDMTrban4q2

    Score
    10/10
    trickbotbankerdiscoveryevasionexecutiontrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Trickbot family

      trickbot

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks