trickbot | 4cac9f93754001e9a0b58e067beefa5ae738fcf1af0b3e75f0e4704e1cbc6982 | Triage

Submit
Reports

Overview

overview

Static

static

1

136b345a23...d6.vbe

windows7-x64

136b345a23...d6.vbe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_4cac9f93754001e9a0b58e067beefa5ae738fcf1af0b3e75f0e4704e1cbc6982
Size

274KB
Sample

241225-bnzb1atjdr
MD5

9e8f28c644963f2c7b73c865bf83bdfa
SHA1

274626125fe2645ad6ea50ba4c3950eca4ef73b3
SHA256

4cac9f93754001e9a0b58e067beefa5ae738fcf1af0b3e75f0e4704e1cbc6982
SHA512

6c4a6d2b87251384bcc8550a5b65caab25ec88d0cf901d9a32077346297cd7add6b1b4d38211671b35b14cd6b19a5ab3ab25f1be4d96ee2a74f6d4364d1b8764
SSDEEP

6144:HIvxX4uwLVbDQsyM+qPBtNZw+Wo1tBUebZsdKwTHFB/vWWJJPstA71/fc:Hs1ZcDQ71ChCK1tieSowTlB3btH71/fc

Score

10^/10

trickbot banker defense_evasion discovery packer trojan

Static task

static1

Behavioral task

behavioral1

Sample

136b345a239295acc0329ae85463e0b249ee43f2409efef6b003dd31a10b40d6.vbe

Resource

win7-20240903-en

trickbot banker defense_evasion discovery packer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

136b345a239295acc0329ae85463e0b249ee43f2409efef6b003dd31a10b40d6.vbe

Resource

win10v2004-20241007-en

trickbot banker defense_evasion discovery packer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  136b345a239295acc0329ae85463e0b249ee43f2409efef6b003dd31a10b40d6.vbe
- Size
  
  636KB
- MD5
  
  15810fb5f100a3a2d21e4c2288dc1a88
- SHA1
  
  834308004280f11a459f764d9e2339c34dc5d7f1
- SHA256
  
  136b345a239295acc0329ae85463e0b249ee43f2409efef6b003dd31a10b40d6
- SHA512
  
  431b31281a4b3d99fe2f9a0900a66b5eb9fc7deeae3394501fbc46ecd8d249415014f524f255a629d1f8ee3776d0b3cc8ff76d07beb7ec9c7c33632196ecaf87
- SSDEEP
  
  6144:VdRRukv5qBwnX4kRdhogrMkgS1SuxRvT3b3KBaEt47A24/HGiovG:ikcpkHhR9Yu93O2An/H4G
Score

10^/10

trickbot banker defense_evasion discovery packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Deobfuscate/Decode Files or Information
  Payload decoded via CertUtil.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Deobfuscate/Decode Files or Information

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

trickbotbankerdefense_evasiondiscoverypackertrojan

behavioral2

trickbotbankerdefense_evasiondiscoverypackertrojan

© 2018-2025

Terms | Privacy