General

  • Target

    3579c5c6ffee651cf4f5ae7f32887fca18e181a33745d2abe09c246d8a026d11.exe

  • Size

    368KB

  • Sample

    241119-kcsvhsslhx

  • MD5

    1b5b4f1fca579484be055e92d1469655

  • SHA1

    653617c5ed422e4700cb1b596dde5f52ba04476f

  • SHA256

    3579c5c6ffee651cf4f5ae7f32887fca18e181a33745d2abe09c246d8a026d11

  • SHA512

    3fc609eb1ca786a422089ebdb49e7720ff2ab0a8c65dd64ab9fce72f145b3143d63df6ee4699ffa0dad087ff5c4cf63e2f1a0b4c091f4b154b7e92fadf748d3b

  • SSDEEP

    6144:eo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4qW:emSuOcHmnYhrDMTrban4qW

Targets

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot family

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Drops file in System32 directory
