General

  • Target

    fafb7e13118943c41009173eadaf2e80_NEIKI

  • Size

    1.1MB

  • Sample

    240508-he4npaac32

  • MD5

    fafb7e13118943c41009173eadaf2e80

  • SHA1

    4d02f84e78b6e50161d47e3403535387450a6141

  • SHA256

    cba35bc6c8c39c0bfaa0aa9c752b44c9caf477003e00d79b13bc42c5283ecbd3

  • SHA512

    d5736433d7dee4b4410a8372d558ac77c463ccc243e9531214babf8c2ded6bcd7185cb25a305c81b9c1b66e643c6d88042dca102d0c64704319ef36c41fb4374

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQGCZLFdGm13eia5G7yLmqky:E5aIwC+Agr6S/Fppa5Gs

Malware Config

Targets

    • Target

      fafb7e13118943c41009173eadaf2e80_NEIKI

    • Size

      1.1MB

    • MD5

      fafb7e13118943c41009173eadaf2e80

    • SHA1

      4d02f84e78b6e50161d47e3403535387450a6141

    • SHA256

      cba35bc6c8c39c0bfaa0aa9c752b44c9caf477003e00d79b13bc42c5283ecbd3

    • SHA512

      d5736433d7dee4b4410a8372d558ac77c463ccc243e9531214babf8c2ded6bcd7185cb25a305c81b9c1b66e643c6d88042dca102d0c64704319ef36c41fb4374

    • SSDEEP

      24576:zQ5aILMCfmAUjzX6xQGCZLFdGm13eia5G7yLmqky:E5aIwC+Agr6S/Fppa5Gs

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks