General

  • Target

    a58a792733884063d08ece9fa75c99e7cdfe5d0c1bb0d5a1f4ef203ff5b60744

  • Size

    1.6MB

  • Sample

    240523-br98nsgd6s

  • MD5

    0b54440728c218b809c865efde2be968

  • SHA1

    620c868da0e65cf15bd0fc9ba1bf5dfe8221a5a8

  • SHA256

    a58a792733884063d08ece9fa75c99e7cdfe5d0c1bb0d5a1f4ef203ff5b60744

  • SHA512

    84108b95a985bd8cddccb121707c02c7d471da0d3cfc02e4b5963e126c40f5d97f8e42258b05d26b3510dd7d1aac91cc0807b6ba4b7079b518d6e8114bd14040

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQE4efQg3zNn+2jsvercPk9N4hVI3/BxL+XKHZjb//8ISgH4:E5aIwC+Agr6SqCPGC6HZkIT/b/U
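Before a sample with these digests is detonated, re-analysed or shared, the file on disk should be checked against the values above, since a truncated download or a different build with the same name is a common source of wasted analysis time. The Python helper below is an added example, not part of the sandbox report: it runs all four digests in one pass over the file and compares them against a manifest (here the values from this page, under the hypothetical name REPORTED_DIGESTS). SSDEEP is left out because it needs a third-party library.

```python
"""Verify a sample on disk against the digests listed in a sandbox report."""
import hashlib
from typing import Dict, Iterable

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Expected values copied from this report's General section. The sample file
# itself is not on the page, so nothing below assumes access to it.
REPORTED_DIGESTS = {
    "md5": "0b54440728c218b809c865efde2be968",
    "sha1": "620c868da0e65cf15bd0fc9ba1bf5dfe8221a5a8",
    "sha256": "a58a792733884063d08ece9fa75c99e7cdfe5d0c1bb0d5a1f4ef203ff5b60744",
    "sha512": "84108b95a985bd8cddccb121707c02c7d471da0d3cfc02e4b5963e126c40f5d97f8e42258b05d26b3510dd7d1aac91cc0807b6ba4b7079b518d6e8114bd14040",
}


def digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers so the file is read only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Digests of an in-memory blob (handy for tests and small samples)."""
    return digest_chunks([data])


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Digests of a file, streamed in chunk_size pieces (1 MiB by default)."""
    with open(path, "rb") as fh:
        return digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def compare(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm verdict; algorithms absent from `expected` are skipped.

    Expected values are normalised to lowercase so a manifest copied from a
    page that renders digests in uppercase still compares correctly.
    """
    return {
        name: actual[name] == expected[name].strip().lower()
        for name in ALGORITHMS
        if name in expected
    }


def verify_file(path: str, expected: Dict[str, str] = REPORTED_DIGESTS) -> bool:
    """True only if every digest present in `expected` matches the file."""
    return all(compare(digest_file(path), expected).values())


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        verdict = compare(digest_file(path), REPORTED_DIGESTS)
        print(path, "MATCH" if all(verdict.values()) else f"MISMATCH {verdict}")
```

A single mismatching algorithm is enough to reject the file: an MD5 or SHA1 collision is cheap to produce, so the SHA256 and SHA512 verdicts are the ones that matter when the shorter digests agree but the longer ones do not.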

Malware Config

Targets

    • Target

      a58a792733884063d08ece9fa75c99e7cdfe5d0c1bb0d5a1f4ef203ff5b60744

    • Size

      1.6MB

    • MD5

      0b54440728c218b809c865efde2be968

    • SHA1

      620c868da0e65cf15bd0fc9ba1bf5dfe8221a5a8

    • SHA256

      a58a792733884063d08ece9fa75c99e7cdfe5d0c1bb0d5a1f4ef203ff5b60744

    • SHA512

      84108b95a985bd8cddccb121707c02c7d471da0d3cfc02e4b5963e126c40f5d97f8e42258b05d26b3510dd7d1aac91cc0807b6ba4b7079b518d6e8114bd14040

    • SSDEEP

      24576:zQ5aILMCfmAUjzX6xQE4efQg3zNn+2jsvercPk9N4hVI3/BxL+XKHZjb//8ISgH4:E5aIwC+Agr6SqCPGC6HZkIT/b/U

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      First observed in 2016, TrickBot is a modular banking Trojan.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                          Count  ID
Execution             System Services                    1      T1569
                        Service Execution                1      T1569.002
Persistence           Create or Modify System Process    1      T1543
                        Windows Service                  1      T1543.003
Privilege Escalation  Create or Modify System Process    1      T1543
                        Windows Service                  1      T1543.003
Defense Evasion       Impair Defenses                    1      T1562
Discovery             Query Registry                     1      T1012
Impact                Service Stop                       1      T1489
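The behaviour signatures in the Targets section ("Drops file in System32 directory", "Executes dropped EXE", "Stops running service(s)") and the service-related rows of the matrix (T1543.003, T1569.002, T1489) are the part of this report a detection engineer would want to reproduce from host telemetry rather than from the sandbox. The Python below is an added example and not the sandbox's own signature logic: it runs a handful of rules over constructed, Sysmon-like event lines (placeholder file, process and service names, none observed from this sample) and tags each hit with the behaviour label and ATT&CK ID used on this page.

```python
"""Re-derive the report's service-related behaviours from host-style event lines."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed, Sysmon-like events in a flat "time Type key=value ..." shape.
# File, process and service names are placeholders; none came from this sample.
SAMPLE_EVENTS = r"""
10:00:01 FileCreate image=C:\Users\user\Desktop\sample.exe target=C:\Windows\System32\drvhost.exe
10:00:02 ServiceInstall name=drvhostsvc image_path=C:\Windows\System32\drvhost.exe start_type=auto
10:00:03 ProcessCreate image=C:\Windows\System32\drvhost.exe parent=C:\Windows\System32\services.exe
10:00:04 ProcessCreate image=C:\Windows\System32\sc.exe parent=C:\Windows\System32\drvhost.exe cmdline="sc stop wscsvc"
10:00:05 ProcessCreate image=C:\Windows\System32\net.exe parent=C:\Windows\System32\drvhost.exe cmdline="net stop spooler"
10:00:06 FileCreate image=C:\Windows\System32\svchost.exe target=C:\Windows\System32\config\systemprofile\x.log
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')
STOP_RE = re.compile(r'(?i)^(?:sc|net)(?:\.exe)?\s+stop\s+(\S+)')
SYSTEM32 = "c:\\windows\\system32\\"
WINDIR = "c:\\windows\\"

# (ATT&CK id or None for signature-only behaviours, behaviour label, evidence)
Finding = Tuple[Optional[str], str, str]


def parse_event(line: str) -> Dict[str, str]:
    """Split 'HH:MM:SS EventType k=v k="v with spaces"' into a dict."""
    parts = line.split(" ", 2)
    fields = {"ts": parts[0], "type": parts[1]}
    if len(parts) == 3:
        for key, val in KV_RE.findall(parts[2]):
            fields[key] = val.strip('"')
    return fields


def triage(log: str) -> List[Finding]:
    """Apply the rules in log order and return one finding per hit.

    FileCreate under System32 by a non-Windows image -> 'Drops file in System32 directory'
    ServiceInstall                                    -> T1543.003 Windows Service
    ProcessCreate parented by services.exe            -> T1569.002 Service Execution
      (plus 'Executes dropped EXE' if that image was dropped earlier in the log)
    sc.exe / net.exe 'stop <service>'                 -> T1489 Stops running service(s)
    """
    dropped = set()
    findings: List[Finding] = []
    for raw in log.strip().splitlines():
        ev = parse_event(raw)
        kind = ev["type"]
        if kind == "FileCreate":
            target = ev.get("target", "")
            writer = ev.get("image", "").lower()
            if target.lower().startswith(SYSTEM32) and not writer.startswith(WINDIR):
                dropped.add(target.lower())
                findings.append((None, "Drops file in System32 directory", target))
        elif kind == "ServiceInstall":
            path = ev.get("image_path", "")
            note = " (binary dropped earlier)" if path.lower() in dropped else ""
            findings.append(("T1543.003", "Windows Service" + note,
                             f"{ev.get('name', '?')} -> {path}"))
        elif kind == "ProcessCreate":
            image = ev.get("image", "")
            if ev.get("parent", "").lower().endswith("\\services.exe"):
                findings.append(("T1569.002", "Service Execution", image))
                if image.lower() in dropped:
                    findings.append((None, "Executes dropped EXE", image))
            m = STOP_RE.match(ev.get("cmdline", ""))
            if m:
                findings.append(("T1489", "Stops running service(s)", m.group(1)))
    return findings


if __name__ == "__main__":
    for attack_id, behaviour, evidence in triage(SAMPLE_EVENTS):
        print(f"{attack_id or '-':10} {behaviour:42} {evidence}")
```

The dropped-file set is what ties the rows together: a service whose binary was written moments earlier by a user-land process is a much stronger signal than either event alone. The Impair Defenses (T1562) and Query Registry (T1012) rows are deliberately not reproduced, because the report does not say which service was stopped or which keys were read, and a T1489 hit only becomes T1562 when the stopped service is a security control.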

Tasks