General

  • Target

    55e612ab7f9196618deb3800bd208777d09f2b70be814b1d241acef1dc6280ddN.exe

  • Size

    368KB

  • Sample

    241226-gzfxpaynan

  • MD5

    aca331cef26e80df50aad16106791cf0

  • SHA1

    3eb52a5eee4c386e23c31521a886093d0850a020

  • SHA256

    55e612ab7f9196618deb3800bd208777d09f2b70be814b1d241acef1dc6280dd

  • SHA512

    9eb23a32eb2641cd5d4be9a4704011f37d878d73a0443296f4e62c8db85a6bb770b4bef8b32863a88e1c641108aa05cfb46130fc957933cdea7d2d03f3ec70cc

  • SSDEEP

    6144:eo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0zLz4qF:emSuOcHmnYhrDMTrban4qF

Targets

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot family

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Drops file in System32 directory
