General

  • Target

    1db19bd8174b36d6886c6bb6365dcfafc5c9a0d538492cd21ee09b5bc52cdb3e

  • Size

    1.3MB

  • Sample

    240429-xy4v5aba2z

  • MD5

    6598417412c59c4b6a4f4e9903c087f4

  • SHA1

    d8c02a6596833c2e86dfe21f3cd2249b61f34edd

  • SHA256

    1db19bd8174b36d6886c6bb6365dcfafc5c9a0d538492cd21ee09b5bc52cdb3e

  • SHA512

    1e372cc3d9c45bf80c26de0975649f52d3bd6f9e05599b8fae4ff4e0043a494bbbb0052c4301aafa51c66bd12e7d220ba9fb5106cb5a8bf8e0bb7617ce8c81e1

  • SSDEEP

    24576:zQ5aILMCfmAUjzX677WOMc7qzz1IojVD0nYH7:E5aIwC+Agr6twjVDOU

Targets

    • Target

      1db19bd8174b36d6886c6bb6365dcfafc5c9a0d538492cd21ee09b5bc52cdb3e

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
