General

  • Target

    c617c1e4c6dcf1763ab47af7010703c9bb8c3384bc3c9ac8522c7ed8908f0e34

  • Size

    846KB

  • Sample

    240429-chvmasfb22

  • MD5

    bb26d12758fac6c043611bf06ea1158d

  • SHA1

    628ab03eea953cf2390e5326857b3abaed401f46

  • SHA256

    c617c1e4c6dcf1763ab47af7010703c9bb8c3384bc3c9ac8522c7ed8908f0e34

  • SHA512

    1c679b6988d0aab14e30793357521df664d187af422b952533999e0a0d3267353e48ae62ac638efdd4c518e76258f78c541b8d63869a6c8cbc419f016d96c65b

  • SSDEEP

    12288:zJB0lh5aILwtFPCfmAUtFC6NXbv+GEBQqtGSs9U3NL9WEEoLPw9IeJJ:zQ5aILMCfmAUjzX6xQt9U3917LwrJ

Targets

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
