Detricking TrickBot Loader
Common Information
Type                            Value
UUID                            8f08fca1-a135-4bfa-9559-9ef4c47f40f7
Fingerprint                     ae0791312aad33b1
Analysis status                 DONE
Considered CTI value            2
Text language
Published                       Feb. 5, 2019, midnight
Added to db                     Aug. 31, 2024, 1:43 a.m.
Last updated                    Nov. 18, 2024, 1:38 a.m.
Headline                        Original binary
Title                           Detricking TrickBot Loader
Detected Hints/Tags/Attributes  36/2/61
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 81 CERT Polska https://cert.pl/en/rss.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 1
www.win7dll.info
Details Domain 81
blog.malwarebytes.com
Details Domain 6
sysopfb.github.io
Details Domain 2
rce.co
Details File 18
pstorec.dll
Details File 10
vmcheck.dll
Details File 54
dbghelp.dll
Details File 10
wpespy.dll
Details File 21
api_log.dll
Details File 83
sbiedll.dll
Details File 16
sxin.dll
Details File 19
dir_watch.dll
Details File 13
sf2.dll
Details File 12
cmdvrt32.dll
Details File 20
snxhk.dll
Details File 2127
cmd.exe
Details File 198
msmpeng.exe
Details File 14
msascuil.exe
Details File 18
msascui.exe
Details File 25
savservice.exe
Details File 8
almon.exe
Details File 3
sophosfs.exe
Details File 12
alsvc.exe
Details File 13
clean.exe
Details File 19
savadminservice.exe
Details File 1
domaindll32.dll
Details File 2
importdll32.dll
Details File 3
injectdll32.dll
Details File 2
mailsearcher32.dll
Details File 2
networkdll32.dll
Details File 1
outlookdll32.dll
Details File 2
pwgrab32.dll
Details File 2
sharedll32.dll
Details File 1
squldll32.dll
Details File 3
systeminfo32.dll
Details File 1
tabdll32.dll
Details File 2
wormdll32.dll
Details File 1
win7dll.inf
Details File 1
trickbot-uacme.html
Details Url 1
http://www.win7dll.info
Details Url 8
https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor
Details Url 1
https://sysopfb.github.io/malware/2018/04/16/trickbot-uacme.html
Details Url 1
https://blog.malwarebytes.com/101/2015/12/an-introduction-to-image-file-execution-options
Details Url 2
http://rce.co/knockin-on-heavens-gate-dynamic-processor-mode-switching