General

  • Target

    ff6a8c4068df9ac5aea2620dadf3e4c94d51c6a187ea3761932583a74c61432f

  • Size

    834KB

  • Sample

    240429-e31p6aaf2v

  • MD5

    e231db3988b1e122b6121ff17758d343

  • SHA1

    569005dca634190da835a6c319a77ddaacf160d3

  • SHA256

    ff6a8c4068df9ac5aea2620dadf3e4c94d51c6a187ea3761932583a74c61432f

  • SHA512

    bb3467f65f06a2a6d8c213c8624d6eeb03f6a1ac76dd1e47112e64cc8861e38ac2948b84601f15b0eb2ad22e07a4f2a0c168bb91039885632c433110138ff273

  • SSDEEP

    12288:zJB0lh5aILwtFPCfmAUtFC6NXbv+GEBQqtGSs9U3NL9WEEoLPw9I8KxRw2O:zQ5aILMCfmAUjzX6xQt9U3917Lwgjw2O

Targets

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
