General

  • Target

    63beb7b216bb81ba7ac5ea9ff7875949c3afada99570e8f5f1f4d7bb001fd786

  • Size

    1.3MB

  • Sample

    240428-1rdl5sad71

  • MD5

    73af1b9f3bea9d457ef1fce652c3e253

  • SHA1

    f304c500df31fa3127dc57a25afa908b62e946bb

  • SHA256

    63beb7b216bb81ba7ac5ea9ff7875949c3afada99570e8f5f1f4d7bb001fd786

  • SHA512

    2054ae667de854525bc622e35d638c651948f9bc614d0b7bfb9c1d1fbea5b311b6c482518c1881b4cb1c702a85a07d80d8691b2db7e23bbe6598436057f18b37

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQGCZLFdGm1SdrzRjVYaQ/n2lbcMfcFxmKZ:E5aIwC+Agr6S/FYqOc2ml

Targets

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
