General

  • Target

    31a7a9f4c1bd6878ebb032628250dec0N.exe

  • Size

    871KB

  • Sample

    240807-ahj5fsvekp

  • MD5

    31a7a9f4c1bd6878ebb032628250dec0

  • SHA1

    d20398e3e8a6bfb25ac136aaa4e5e7d85531028a

  • SHA256

    cec69ba4d60812f179738c43bf37d4af423a4796bf67fcde41d963e2b475f689

  • SHA512

    e559314167874c5ceb6f2209761f693a9d129a4abe6f467a15c68abaf89228ec87c91972e41d2b5dee9034b9ac80ffdda294c011948aa0e3387c078c9dccd3a4

  • SSDEEP

    12288:zJB0lh5aILwtFPCfmAUtFC6NXbv+GEBQGCsksQjn6YHldGm1ufSD8Gl4:zQ5aILMCfmAUjzX6xQGCZLFdGm13J4

Targets

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Uses a powershell.exe command.

    • Drops file in System32 directory
