General

  • Target

    ebd4d48bfcd6dd6a388fb0f303caff22eabebf1e74ae61fa3688ff232435b894

  • Size

    1.2MB

  • Sample

    240424-159xhaae81

  • MD5

    81f95d3c0563e2e9474cfef37ffc5d74

  • SHA1

    d264357b5053ba954fead43ee3adae5d5bf36955

  • SHA256

    ebd4d48bfcd6dd6a388fb0f303caff22eabebf1e74ae61fa3688ff232435b894

  • SHA512

    ce5c33a1b425b819ebd5f3db54ef61aa8ba85e322459240c8927d37d9f4e0a09244ed4127df8da6728594e535d18b498bcb6efee899698a25d28e66b80ed65d3

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQGCZLFdGm1Sdr36OTcgO9c:E5aIwC+Agr6S/FESc

Targets

    • Target

      ebd4d48bfcd6dd6a388fb0f303caff22eabebf1e74ae61fa3688ff232435b894

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

Tasks