General

  • Target

    db3e99d332bdd6207b7e01d30c013ae0N.exe

  • Size

    1.4MB

  • Sample

    240823-st6fyavbrj

  • MD5

    db3e99d332bdd6207b7e01d30c013ae0

  • SHA1

    158d747482ddc1ffb1066123e2fdb5378bf52c49

  • SHA256

    65b06308a80f1ecab4582541a6a3f27cc5b4783a2ea9878e04cb20f6b0d9d474

  • SHA512

    a54da15bcdb63b5fc65e40712196c32ef040102f5fb8c6baeed10572a48bbba2b28ba7a7482320fe57350f824f307c8b6f6583002a70fe78451cfa74d07f1fdf

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQtpj/Yz6XVSvmHaZkI+oq6dTnHv5yIi734DHr0ESjdk5:E5aIwC+Agr6St1lOqq+jCpLWe

Targets

    • Target

      db3e99d332bdd6207b7e01d30c013ae0N.exe

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Drops file in System32 directory
