kpot | b4951294310812af38750d9950640e10bac7c76cc587f70959bc90c96e66edb9 | Triage

Submit
Reports

Overview

overview

Static

static

b495129431...b9.exe

windows7-x64

b495129431...b9.exe

windows10-2004-x64

Sharing

General

Target

b4951294310812af38750d9950640e10bac7c76cc587f70959bc90c96e66edb9
Size

854KB
Sample

240420-b7tkvsec2w
MD5

073e675ce3952698edc96a80e8e39dac
SHA1

897b6129cdfe21d659864b93bf5b9af97d7528c1
SHA256

b4951294310812af38750d9950640e10bac7c76cc587f70959bc90c96e66edb9
SHA512

626f6306fddd6b3f903f5486ed608c074634cbbd7a1846fa27064e5aaee986a1db6493db714357d21250f26fe96d2cefea5a428460c2a3f94a1e7cdde578a096
SSDEEP

12288:zJB0lh5aILwtFPCfmAUtFC6NXbv+GEBQqtGSsGa60C+4PMAQy:zQ5aILMCfmAUjzX6xQtjmsy

Score

10^/10

kpot trickbot banker evasion stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

b4951294310812af38750d9950640e10bac7c76cc587f70959bc90c96e66edb9.exe

Resource

win7-20240221-en

kpot trickbot banker evasion stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

b4951294310812af38750d9950640e10bac7c76cc587f70959bc90c96e66edb9.exe

Resource

win10v2004-20240412-en

kpot trickbot banker stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  b4951294310812af38750d9950640e10bac7c76cc587f70959bc90c96e66edb9
- Size
  
  854KB
- MD5
  
  073e675ce3952698edc96a80e8e39dac
- SHA1
  
  897b6129cdfe21d659864b93bf5b9af97d7528c1
- SHA256
  
  b4951294310812af38750d9950640e10bac7c76cc587f70959bc90c96e66edb9
- SHA512
  
  626f6306fddd6b3f903f5486ed608c074634cbbd7a1846fa27064e5aaee986a1db6493db714357d21250f26fe96d2cefea5a428460c2a3f94a1e7cdde578a096
- SSDEEP
  
  12288:zJB0lh5aILwtFPCfmAUtFC6NXbv+GEBQqtGSsGa60C+4PMAQy:zQ5aILMCfmAUjzX6xQtjmsy
Score

10^/10

kpot trickbot banker evasion stealer trojan
- KPOT
  KPOT is an information stealer that steals user data and account credentials.
  trojan stealer kpot
- KPOT Core Executable
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Stops running service(s)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Resource Development

Reconnaissance

Tasks

static1

behavioral1

kpottrickbotbankerevasionstealertrojan

behavioral2

kpottrickbotbankerstealertrojan

© 2018-2024

Terms | Privacy