General

  • Target

    88a8384f25ac2d1f0bac03a8a4257050N.exe

  • Size

    864KB

  • Sample

    240807-jh8bqaxhpf

  • MD5

    88a8384f25ac2d1f0bac03a8a4257050

  • SHA1

    d12c707ba6240bca95dfca1fb2fafbeb70b9f3b8

  • SHA256

    4f751b4b3027b2aa16ac5c26e1b6bce7409fa28ecc4bbe2bcaf4dad525407d2b

  • SHA512

    3e14a709a0e8d21b540bb780c83fba4f6f778d70f1763337ae10d2661ea3bbbdadb1d479720ed084655d45b4917b30ba55d862db1e8b02460fa622512da8f8c0

  • SSDEEP

    12288:zJB0lh5aILwtFPCfmAUtFC6NXbv+GEBQGCsksQjn6YHldGm1ufSD8GlvzG:zQ5aILMCfmAUjzX6xQGCZLFdGm13JvzG

Targets

    • Target

      88a8384f25ac2d1f0bac03a8a4257050N.exe

    • Size

      864KB

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Drops file in System32 directory
