General

  • Target

    8e0405f6d72de1a600fdf185b178dff0N.exe

  • Size

    1.4MB

  • Sample

    240824-yd7xqaxfjp

  • MD5

    8e0405f6d72de1a600fdf185b178dff0

  • SHA1

    b228f3d3e2576b2da8993c8c060b68801fbcfca3

  • SHA256

    0cc516d637ffd8458acf87ac74668b8eeacedea9685f91b385a8d90bad118916

  • SHA512

    010af4f1382896b44a5d5e5cc934cd9c1c813b164b62517d3ebae995ba218ee5d4293aa0389ab6211670fb1ed96356430790b379adc630b277b3c724adc43677

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQtpj/Yz6XVSvmHaZkI+oq6dTnHv5yIi734DHr0ESjdkjn:E5aIwC+Agr6St1lOqq+jCpLWe

Malware Config

Targets

    • Target

      8e0405f6d72de1a600fdf185b178dff0N.exe

    • Size

      1.4MB

    • MD5

      8e0405f6d72de1a600fdf185b178dff0

    • SHA1

      b228f3d3e2576b2da8993c8c060b68801fbcfca3

    • SHA256

      0cc516d637ffd8458acf87ac74668b8eeacedea9685f91b385a8d90bad118916

    • SHA512

      010af4f1382896b44a5d5e5cc934cd9c1c813b164b62517d3ebae995ba218ee5d4293aa0389ab6211670fb1ed96356430790b379adc630b277b3c724adc43677

    • SSDEEP

      24576:zQ5aILMCfmAUjzX6xQtpj/Yz6XVSvmHaZkI+oq6dTnHv5yIi734DHr0ESjdkjn:E5aIwC+Agr6St1lOqq+jCpLWe

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks