General

  • Target

    b0600586fc73f66cf4c5f4024c842ec0_NEIKI

  • Size

    1.1MB

  • Sample

    240508-dep33she62

  • MD5

    b0600586fc73f66cf4c5f4024c842ec0

  • SHA1

    d0419f487fda110bb383b48732c2c5b8af0ac9bf

  • SHA256

    065c5a58fda3891a107fc06dfcc7927e67646f0f5ac27f052bfdbd4ecce0257f

  • SHA512

    8770a43e6b28c93083985ae92fd1ff03f915ee12b5e18798e5f36e06283a54b362a2cc8e0e4f7b3a4d83c3a2584fb8f719036ae194ce720cc49294c9b6289000

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQGCZLFdGm1StE10/ZcnDP7:E5aIwC+Agr6S/FFC+L7

Targets

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
