General

  • Target

    2d6b22ddd824668bf44557810eee2ef0_NEAS

  • Size

    1.2MB

  • Sample

    240506-25mbwaae83

  • MD5

    2d6b22ddd824668bf44557810eee2ef0

  • SHA1

    554588aa2bb768ceaa722fc121f7a06369ff10d4

  • SHA256

    40789cd8a229a28e6630a9175fee3054e35d403655acffd2c78a1551f0710ce7

  • SHA512

    5ba5f31fa6eed59afacfb143a4ed23d5d32aa25f3b74bb42b735e6e82b370168a60855ce45e9c01c27908a89885c35f67d1625d8fb6fc6e1f141feef164644af

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQGCZLFdGm1Sdr36OTcgapChIwT:E5aIwC+Agr6S/FEVB

Malware Config

Targets

    • Target

      2d6b22ddd824668bf44557810eee2ef0_NEAS

    • Size

      1.2MB

    • MD5

      2d6b22ddd824668bf44557810eee2ef0

    • SHA1

      554588aa2bb768ceaa722fc121f7a06369ff10d4

    • SHA256

      40789cd8a229a28e6630a9175fee3054e35d403655acffd2c78a1551f0710ce7

    • SHA512

      5ba5f31fa6eed59afacfb143a4ed23d5d32aa25f3b74bb42b735e6e82b370168a60855ce45e9c01c27908a89885c35f67d1625d8fb6fc6e1f141feef164644af

    • SSDEEP

      24576:zQ5aILMCfmAUjzX6xQGCZLFdGm1Sdr36OTcgapChIwT:E5aIwC+Agr6S/FEVB

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks