General

  • Target

    121f01636a3ea9d02d42f317f417af9d1ec553805f88d788b9ade83586d694ba

  • Size

    1.3MB

  • Sample

    240507-xg9eaaab7y

  • MD5

    fb79f9fb02992d0e53b0aeb701e0d439

  • SHA1

    d89df905142cd634123d55d6e7537cfc36e49981

  • SHA256

    121f01636a3ea9d02d42f317f417af9d1ec553805f88d788b9ade83586d694ba

  • SHA512

    819032457fc18a892c45ca524c3ba7f43ef48915b8afdd758614009f289fb525d7b86d0336cf8136e2fa4410d142110cfaa77f7f6552689ac79c3f0c581df32d

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6gfU1pjwjbsXhmvZssrD+nRgnf4NvlOSw:E5aIwC+Agr6g81p1vsrNiw

Malware Config

Targets

    • Target

      121f01636a3ea9d02d42f317f417af9d1ec553805f88d788b9ade83586d694ba

    • Size

      1.3MB

    • MD5

      fb79f9fb02992d0e53b0aeb701e0d439

    • SHA1

      d89df905142cd634123d55d6e7537cfc36e49981

    • SHA256

      121f01636a3ea9d02d42f317f417af9d1ec553805f88d788b9ade83586d694ba

    • SHA512

      819032457fc18a892c45ca524c3ba7f43ef48915b8afdd758614009f289fb525d7b86d0336cf8136e2fa4410d142110cfaa77f7f6552689ac79c3f0c581df32d

    • SSDEEP

      24576:zQ5aILMCfmAUjzX6gfU1pjwjbsXhmvZssrD+nRgnf4NvlOSw:E5aIwC+Agr6g81p1vsrNiw

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks