kpot | 4d3c4cc5712e7b01e6431878b9db3e7f20d034bbcf9ee7bb0f83a3077ba5f797 | Triage

Submit
Reports

Overview

overview

Static

static

4d3c4cc571...97.exe

windows7-x64

4d3c4cc571...97.exe

windows10-2004-x64

Sharing

General

Target

4d3c4cc5712e7b01e6431878b9db3e7f20d034bbcf9ee7bb0f83a3077ba5f797
Size

1.3MB
Sample

240422-1m9tsagh2z
MD5

4a5a4ca5c5ab35394085b2f455f92f1c
SHA1

ca8e32a63e5175563d99943febbebd7eb64e77f0
SHA256

4d3c4cc5712e7b01e6431878b9db3e7f20d034bbcf9ee7bb0f83a3077ba5f797
SHA512

48aab667ec38524d196fd92e39bc0b2fbb65bb1d1b4559d8f0adf8ff6a9ab4ed58eb443e6895bfbc34d7415780ef321d3985e5b19beadbc345ee16fcf5e920c8
SSDEEP

24576:zQ5aILMCfmAUjzX6xQtpj/Yz6XVSvmHaZkI+oq6dTnHv5yIi734DHz9oEgcH8:E5aIwC+Agr6St1lOqq+jCp2EgO8

Score

10^/10

kpot trickbot banker evasion stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

4d3c4cc5712e7b01e6431878b9db3e7f20d034bbcf9ee7bb0f83a3077ba5f797.exe

Resource

win7-20240221-en

kpot trickbot banker evasion stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

4d3c4cc5712e7b01e6431878b9db3e7f20d034bbcf9ee7bb0f83a3077ba5f797.exe

Resource

win10v2004-20240226-en

kpot trickbot banker stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  4d3c4cc5712e7b01e6431878b9db3e7f20d034bbcf9ee7bb0f83a3077ba5f797
- Size
  
  1.3MB
- MD5
  
  4a5a4ca5c5ab35394085b2f455f92f1c
- SHA1
  
  ca8e32a63e5175563d99943febbebd7eb64e77f0
- SHA256
  
  4d3c4cc5712e7b01e6431878b9db3e7f20d034bbcf9ee7bb0f83a3077ba5f797
- SHA512
  
  48aab667ec38524d196fd92e39bc0b2fbb65bb1d1b4559d8f0adf8ff6a9ab4ed58eb443e6895bfbc34d7415780ef321d3985e5b19beadbc345ee16fcf5e920c8
- SSDEEP
  
  24576:zQ5aILMCfmAUjzX6xQtpj/Yz6XVSvmHaZkI+oq6dTnHv5yIi734DHz9oEgcH8:E5aIwC+Agr6St1lOqq+jCp2EgO8
Score

10^/10

kpot trickbot banker evasion stealer trojan
- KPOT
  KPOT is an information stealer that steals user data and account credentials.
  trojan stealer kpot
- KPOT Core Executable
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Stops running service(s)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Resource Development

Reconnaissance

Tasks

static1

behavioral1

kpottrickbotbankerevasionstealertrojan

behavioral2

kpottrickbotbankerstealertrojan

© 2018-2024

Terms | Privacy