General

  • Target

    e97bbd2ee0aa440c035ede21e0915f30N.exe

  • Size

    1.4MB

  • Sample

    240824-avsmcsxgjr

  • MD5

    e97bbd2ee0aa440c035ede21e0915f30

  • SHA1

    58be6c23488c5a1fc834fa8a7f4cdc5dacfe9c05

  • SHA256

    173ac27d3f21ad1752112bf2d70b06c6f6424edddafaa85f174bd346ac14ce91

  • SHA512

    3c194ca0dd625c6d97c65cbe7fa35de5c7fd3c9e616179de491e68ff4122b6894613162d5d782255f05ae16d09b90627e8cc371c3bb2ed58cfaa3779bc45c947

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQtpj/Yz6XVSvmHaZkI+oq6dTnHv5yIi734DHr0ESjdkdL:E5aIwC+Agr6St1lOqq+jCpLWuL

Malware Config

Targets

    • Target

      e97bbd2ee0aa440c035ede21e0915f30N.exe

    • Size

      1.4MB

    • MD5

      e97bbd2ee0aa440c035ede21e0915f30

    • SHA1

      58be6c23488c5a1fc834fa8a7f4cdc5dacfe9c05

    • SHA256

      173ac27d3f21ad1752112bf2d70b06c6f6424edddafaa85f174bd346ac14ce91

    • SHA512

      3c194ca0dd625c6d97c65cbe7fa35de5c7fd3c9e616179de491e68ff4122b6894613162d5d782255f05ae16d09b90627e8cc371c3bb2ed58cfaa3779bc45c947

    • SSDEEP

      24576:zQ5aILMCfmAUjzX6xQtpj/Yz6XVSvmHaZkI+oq6dTnHv5yIi734DHr0ESjdkdL:E5aIwC+Agr6St1lOqq+jCpLWuL

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks