trickbot | cbdaf38c5912ef4b839e4baa5b01695828347ed9aab632a8d5fcb5e97f338990 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

2025-02-24...id.exe

windows7-x64

2025-02-24...id.exe

windows10-2004-x64

Sharing

General

Target

2025-02-24_598d72228297315d439da009ca231d80_icedid
Size

492KB
Sample

250224-t54l6aspw3
MD5

598d72228297315d439da009ca231d80
SHA1

2a9109574bc13006596ea13a143825db57e86fa5
SHA256

cbdaf38c5912ef4b839e4baa5b01695828347ed9aab632a8d5fcb5e97f338990
SHA512

43082e0106da469a10e68d25e1f55e4a1d8491b95cd02e974c3625afb0de2486f74283f038b70131eae154d13e0717cb830d6ba1328818ce3e950ff64a404d17
SSDEEP

6144:BY352aQ3hklPFghZqqdd2PRMmUnpDUmwqO27fXjscN9Q9h8w2gyx7Ddp2q44:BG52rkDg/TdE+DUGXgEQI2yx+q

Score

10^/10

trickbot banker discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-02-24_598d72228297315d439da009ca231d80_icedid.exe

Resource

win7-20241010-en

trickbot banker discovery trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-02-24_598d72228297315d439da009ca231d80_icedid.exe

Resource

win10v2004-20250217-en

trickbot banker discovery trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-02-24_598d72228297315d439da009ca231d80_icedid
- Size
  
  492KB
- MD5
  
  598d72228297315d439da009ca231d80
- SHA1
  
  2a9109574bc13006596ea13a143825db57e86fa5
- SHA256
  
  cbdaf38c5912ef4b839e4baa5b01695828347ed9aab632a8d5fcb5e97f338990
- SHA512
  
  43082e0106da469a10e68d25e1f55e4a1d8491b95cd02e974c3625afb0de2486f74283f038b70131eae154d13e0717cb830d6ba1328818ce3e950ff64a404d17
- SSDEEP
  
  6144:BY352aQ3hklPFghZqqdd2PRMmUnpDUmwqO27fXjscN9Q9h8w2gyx7Ddp2q44:BG52rkDg/TdE+DUGXgEQI2yx+q
Score

10^/10

trickbot banker discovery trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

trickbotbankerdiscoverytrojan

behavioral2

trickbotbankerdiscoverytrojan

© 2018-2025

Terms | Privacy