General

  • Target

    dbfb67d03520ba94ccd23a7aa0efa4d95cb16006fefff5aeaa82b493af26b077

  • Size

    1.1MB

  • Sample

    240501-ely51ahe22

  • MD5

    6bb42c426a68812c5dcb63d8f8aae17a

  • SHA1

    07391cc8ce3e00d9151f399e1a9a92770ed0c57e

  • SHA256

    dbfb67d03520ba94ccd23a7aa0efa4d95cb16006fefff5aeaa82b493af26b077

  • SHA512

    594b8a4104002e9583e1eac718e8df994415254f007d5d9980ea13c0a714f77e6d11de241a4f11ee07c4fe96c9c21efa84933ccb9ffdccdbd994b2dc68bbce8e

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQGCZLFdGm1StE10/ZcnDPoeDQd:E5aIwC+Agr6S/FFC+L0

Malware Config

Targets

    • Target

      dbfb67d03520ba94ccd23a7aa0efa4d95cb16006fefff5aeaa82b493af26b077

    • Size

      1.1MB

    • MD5

      6bb42c426a68812c5dcb63d8f8aae17a

    • SHA1

      07391cc8ce3e00d9151f399e1a9a92770ed0c57e

    • SHA256

      dbfb67d03520ba94ccd23a7aa0efa4d95cb16006fefff5aeaa82b493af26b077

    • SHA512

      594b8a4104002e9583e1eac718e8df994415254f007d5d9980ea13c0a714f77e6d11de241a4f11ee07c4fe96c9c21efa84933ccb9ffdccdbd994b2dc68bbce8e

    • SSDEEP

      24576:zQ5aILMCfmAUjzX6xQGCZLFdGm1StE10/ZcnDPoeDQd:E5aIwC+Agr6S/FFC+L0

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Impair Defenses

1
T1562

Discovery

Query Registry

1
T1012

Impact

Service Stop

1
T1489

Tasks