General

  • Target

    7dcee7047f1eb19c5412c99a6f967190N.exe

  • Size

    1.4MB

  • Sample

    240823-2kg7estaln

  • MD5

    7dcee7047f1eb19c5412c99a6f967190

  • SHA1

    495b5b63ba37ba404de56f6e1b3f6702a3947ce8

  • SHA256

    4ea3b32ca07f0a39906da12c1cae3a75b9d34d7866058c600f3d38e43bd934fa

  • SHA512

    cf7000951a0d64271866028e1b2737293c9bb7825c158120cd7a93e8a8201352355c27c2ded735d25a1699016174908ae3096b3b2d26f003484e300e8dc42fb4

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQtpj/Yz6XVSvmHaZkI+oq6dTnHv5yIi734DHr0ESjdkl:E5aIwC+Agr6St1lOqq+jCpLWU

Malware Config

Targets

    • Target

      7dcee7047f1eb19c5412c99a6f967190N.exe

    • Size

      1.4MB

    • MD5

      7dcee7047f1eb19c5412c99a6f967190

    • SHA1

      495b5b63ba37ba404de56f6e1b3f6702a3947ce8

    • SHA256

      4ea3b32ca07f0a39906da12c1cae3a75b9d34d7866058c600f3d38e43bd934fa

    • SHA512

      cf7000951a0d64271866028e1b2737293c9bb7825c158120cd7a93e8a8201352355c27c2ded735d25a1699016174908ae3096b3b2d26f003484e300e8dc42fb4

    • SSDEEP

      24576:zQ5aILMCfmAUjzX6xQtpj/Yz6XVSvmHaZkI+oq6dTnHv5yIi734DHr0ESjdkl:E5aIwC+Agr6St1lOqq+jCpLWU

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks