Managed XDR

payload_1.bin (TrickBot) — malware analysis report

File info

Filename
payload_1.bin
File type
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
File size
24 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
bf48ff5d9363c8f95350fc6fe1e2ae5485dc31f8
SHA256
61da07b3022e1917d8bb8fdcdbc79d0461743419c6437bfac5329fe94493a90a
MD5
33c1e9dadbf2f44b694a60c12ea28c8e

Malwares

  • TrickBot

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
message_box: Displays a message
pe_overlay: PE file contains overlay

Related reports