General

  • Target

    33e4cf784e8f6447d525872c2e3ecc10_NEIKI

  • Size

    1.3MB

  • Sample

    240508-kqlncscc4x

  • MD5

    33e4cf784e8f6447d525872c2e3ecc10

  • SHA1

    1150a1c204e3ef62fc02979b8d78465d37620489

  • SHA256

    078c3a5f3d04bfd3a19b7bc69e629c1baa115d3226520c86d9e4b6f78c5b5782

  • SHA512

    ac38f5e5c7cd15eff7cd595ad074394781ba633202d240ded82442ea32220d28992b6367fff5bc00823364fa08f895d31787be8b44ace446ee65ec9e5d079a24

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQGCZLFdGm1Sdr36OTcgapChIRG:E5aIwC+Agr6S/FEV/

Targets

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
