trickbot

Resubmissions

21/03/2025, 18:21

250321-wy97gayqw7 10

20/01/2025, 21:36

250120-1f8m5szrey 10

Sharing

Copy URL

Twitter E-mail

General

Target

attendees.zip
Size

488KB
Sample

250120-1f8m5szrey
MD5

f77030baf04b5ac90e38d2282cbb9747
SHA1

f21b61050e4adf6b02da0678b5992e1616fceeb1
SHA256

4e988f47cc21b69536d5f7d6b824a0e9890a2d65eeafc139d3f980555bdc5e4f
SHA512

c7e155530936cd84e8d06cdf10b7d5ab8ab5c3c80b253c40c674aa853d695f7e1212b3a74bee7f80a6de27f5ec958cbdf2a8f61a64245cf831c2e3cb87b9f913
SSDEEP

12288:GoQAAKo/qkDvvJznpqL3te0paEDFWVVLyh5FD5RKlrCVCUVl:QzKo/Vr4rt1DWnyTFD5RKVCVCUz

Score

10^/10

Malware Config

Targets

- Target
  
  attendees.xlsm
- Size
  
  535KB
- MD5
  
  b556307e1e6462a9aea5dc1f76667d10
- SHA1
  
  e3525ffd85d51a0a502012492ed1ef54d22eec88
- SHA256
  
  804e3a6cde4114e76fa911b699891535c8ed8b637ee9eaad373619e3ce36ee19
- SHA512
  
  51666a80ae3ae2ba69954f47e36521ce08cece8dd258498a7cf88e6c2586fa9a66776c78d68538bca5568965ebca87e9d04ce79db2c2388716ab73182af7164b
- SSDEEP
  
  12288:E9ijex0VbLbGeH+59SjrPImbT4XXO8RGNQpRtL8PZY4krmStNpc:E9fKVbLte52rPImbCjGWpj8BYVmSt/c
Score

10^/10

discovery trickbot banker packer trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
- Loads dropped DLL
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Process spawned unexpected child process

Trickbot family

Templ.dll packer

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3