trickbot

General

Target

85fe9954a46388daf9f25ea2d4531b87147c6a2d37ebb25f77f0886a2dc6dd6a.exe
Size

572KB
Sample

250116-xhl1datnhv
MD5

bad7e93e13bd61310bec6759e5bcc41e
SHA1

6ebf5ada5bdb635d028ae5f8d241d1b819d1bcbc
SHA256

85fe9954a46388daf9f25ea2d4531b87147c6a2d37ebb25f77f0886a2dc6dd6a
SHA512

ff3ffa2cda1167abfebbfd6871550bb70cd5bad590f8534d6effd33652d66b3f8a8e74d7727aa40f254432fbce1ae9a45d36c04d13e709c64aafe139ddca2f4d
SSDEEP

12288:Qqb3mP9FQtynVTEHX7cQxXNMsxXrKY/iXMKOJcnsX6:SQBx+Y/iNZsX6

Score

10^/10

Malware Config

Targets

- Target
  
  85fe9954a46388daf9f25ea2d4531b87147c6a2d37ebb25f77f0886a2dc6dd6a.exe
- Size
  
  572KB
- MD5
  
  bad7e93e13bd61310bec6759e5bcc41e
- SHA1
  
  6ebf5ada5bdb635d028ae5f8d241d1b819d1bcbc
- SHA256
  
  85fe9954a46388daf9f25ea2d4531b87147c6a2d37ebb25f77f0886a2dc6dd6a
- SHA512
  
  ff3ffa2cda1167abfebbfd6871550bb70cd5bad590f8534d6effd33652d66b3f8a8e74d7727aa40f254432fbce1ae9a45d36c04d13e709c64aafe139ddca2f4d
- SSDEEP
  
  12288:Qqb3mP9FQtynVTEHX7cQxXNMsxXrKY/iXMKOJcnsX6:SQBx+Y/iNZsX6
Score

10^/10

trickbot banker dave discovery trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Dave packer
  Detects executable using a packer named 'Dave' by the community, based on a string at the end.
  dave
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Trickbot family

Trickbot x86 loader

Dave packer

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2