kpot | cc3879487d24c8fc3961e0d0dce1b0e1d456a2a6ac745f04223c985c64529760 | Triage

Submit
Reports

Overview

overview

Static

static

cc3879487d...60.exe

windows7-x64

cc3879487d...60.exe

windows10-2004-x64

Sharing

General

Target

cc3879487d24c8fc3961e0d0dce1b0e1d456a2a6ac745f04223c985c64529760
Size

1002KB
Sample

240409-cyssmsbg75
MD5

b50a57f4416f6837a2945996e6b63a80
SHA1

de6fe8a4dbbf64363f0cf976e5a9b5e00951abf9
SHA256

cc3879487d24c8fc3961e0d0dce1b0e1d456a2a6ac745f04223c985c64529760
SHA512

f03fd534dd9cbec5969bd7868e59de594c2720a53111b1ab2f24f351c9a42424602aaadc9fb7b84b6d71db1cc8de19c6f6016d862f54b649fd58cc731a2084ca
SSDEEP

24576:zQ5aILMCfmAUjzX6xQGCZLFdGm1StE10/ZSeE7Lu:E5aIwC+Agr6S/FFCwrG

Score

10^/10

kpot trickbot banker evasion stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

cc3879487d24c8fc3961e0d0dce1b0e1d456a2a6ac745f04223c985c64529760.exe

Resource

win7-20240221-en

kpot trickbot banker evasion stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

cc3879487d24c8fc3961e0d0dce1b0e1d456a2a6ac745f04223c985c64529760.exe

Resource

win10v2004-20240319-en

kpot trickbot banker stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  cc3879487d24c8fc3961e0d0dce1b0e1d456a2a6ac745f04223c985c64529760
- Size
  
  1002KB
- MD5
  
  b50a57f4416f6837a2945996e6b63a80
- SHA1
  
  de6fe8a4dbbf64363f0cf976e5a9b5e00951abf9
- SHA256
  
  cc3879487d24c8fc3961e0d0dce1b0e1d456a2a6ac745f04223c985c64529760
- SHA512
  
  f03fd534dd9cbec5969bd7868e59de594c2720a53111b1ab2f24f351c9a42424602aaadc9fb7b84b6d71db1cc8de19c6f6016d862f54b649fd58cc731a2084ca
- SSDEEP
  
  24576:zQ5aILMCfmAUjzX6xQGCZLFdGm1StE10/ZSeE7Lu:E5aIwC+Agr6S/FFCwrG
Score

10^/10

kpot trickbot banker evasion stealer trojan
- KPOT
  KPOT is an information stealer that steals user data and account credentials.
  trojan stealer kpot
- KPOT Core Executable
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Stops running service(s)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

kpottrickbotbankerevasionstealertrojan

behavioral2

kpottrickbotbankerstealertrojan

© 2018-2025

Terms | Privacy