General

  • Target

    0b30fda1370b12f1d585ac60118b44be527c474d9e930da6c7a2a504627ad5b6.exe

  • Size

    1.3MB

  • Sample

    240704-zq3dfa1bmb

  • MD5

    d248f7c597c8626635d92352b88f2f90

  • SHA1

    b217544d9ada2cc64a49441f2b83aa83cf3a3d3b

  • SHA256

    0b30fda1370b12f1d585ac60118b44be527c474d9e930da6c7a2a504627ad5b6

  • SHA512

    c0f05485973420e113985dbda1664faf8c5b882fd7bd8a483cc69f79e9e474f6b0fc469e30d06b200c6d59c8c73735b61d51dc35c545a3dfd98d9386fd5da68a

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQtjmssdqex1hl+dZQZ8:E5aIwC+Agr6StYCz

Malware Config

Targets

    • Target

      0b30fda1370b12f1d585ac60118b44be527c474d9e930da6c7a2a504627ad5b6.exe

    • Size

      1.3MB

    • MD5

      d248f7c597c8626635d92352b88f2f90

    • SHA1

      b217544d9ada2cc64a49441f2b83aa83cf3a3d3b

    • SHA256

      0b30fda1370b12f1d585ac60118b44be527c474d9e930da6c7a2a504627ad5b6

    • SHA512

      c0f05485973420e113985dbda1664faf8c5b882fd7bd8a483cc69f79e9e474f6b0fc469e30d06b200c6d59c8c73735b61d51dc35c545a3dfd98d9386fd5da68a

    • SSDEEP

      24576:zQ5aILMCfmAUjzX6xQtjmssdqex1hl+dZQZ8:E5aIwC+Agr6StYCz

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks