General

  • Target

    b3f11a399dfa61522c1a34722779316eae8c21afcc120a01c820f4f198a5ce6c

  • Size

    1.1MB

  • Sample

    240502-ch8h6aea5t

  • MD5

    5c4906004e74ec9700226dd3ec8fab6d

  • SHA1

    4a6f23f7f2b71f48a2a8ff357005b4030003c3f9

  • SHA256

    b3f11a399dfa61522c1a34722779316eae8c21afcc120a01c820f4f198a5ce6c

  • SHA512

    2bf8d979fd75ff12518206a3e988ba926be3a8a17e797ea9972633c1685303f62de65db950e3dd9abd1d492b50749890899066f2d0a16613d747ab2b9eaa233e

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQGCZLFdGm1StE10/ZcnDPMD3:E5aIwC+Agr6S/FFC+Lc

Malware Config

Targets

    • Target

      b3f11a399dfa61522c1a34722779316eae8c21afcc120a01c820f4f198a5ce6c

    • Size

      1.1MB

    • MD5

      5c4906004e74ec9700226dd3ec8fab6d

    • SHA1

      4a6f23f7f2b71f48a2a8ff357005b4030003c3f9

    • SHA256

      b3f11a399dfa61522c1a34722779316eae8c21afcc120a01c820f4f198a5ce6c

    • SHA512

      2bf8d979fd75ff12518206a3e988ba926be3a8a17e797ea9972633c1685303f62de65db950e3dd9abd1d492b50749890899066f2d0a16613d747ab2b9eaa233e

    • SSDEEP

      24576:zQ5aILMCfmAUjzX6xQGCZLFdGm1StE10/ZcnDPMD3:E5aIwC+Agr6S/FFC+Lc

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks