General

  • Target

    4d9ced459922db822c39a4e66c1a7b17cb7b1f98dd61bbd6a82992fdaec26489

  • Size

    884KB

  • Sample

    240508-199gjaaf21

  • MD5

    4d5c6295304b3d131e4b2bdefd1ad0bb

  • SHA1

    badce8c63d446f914d7dde49d9301fbc1fac30f9

  • SHA256

    4d9ced459922db822c39a4e66c1a7b17cb7b1f98dd61bbd6a82992fdaec26489

  • SHA512

    006632ec77e9c3a56aab0432c59c36dbfb2c251a7ea3309d7a3c2e134509f62053244f9fd22456f60f4830016838957962c9756be5bcc20d54d8e010a45fa78b

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQt+4EnpZgkJOSSk7:E5aIwC+Agr6StVEn0ks0

Malware Config

Targets

    • Target

      4d9ced459922db822c39a4e66c1a7b17cb7b1f98dd61bbd6a82992fdaec26489

    • Size

      884KB

    • MD5

      4d5c6295304b3d131e4b2bdefd1ad0bb

    • SHA1

      badce8c63d446f914d7dde49d9301fbc1fac30f9

    • SHA256

      4d9ced459922db822c39a4e66c1a7b17cb7b1f98dd61bbd6a82992fdaec26489

    • SHA512

      006632ec77e9c3a56aab0432c59c36dbfb2c251a7ea3309d7a3c2e134509f62053244f9fd22456f60f4830016838957962c9756be5bcc20d54d8e010a45fa78b

    • SSDEEP

      24576:zQ5aILMCfmAUjzX6xQt+4EnpZgkJOSSk7:E5aIwC+Agr6StVEn0ks0

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks