General

  • Target

    42755e0fbbf9c46c82c1777d4068e32ffa36c3c4b5f6e3580094286f8985f9f2

  • Size

    1.3MB

  • Sample

    240505-zxcfladh7z

  • MD5

    2f99d51a67ac96a6132b73e558c036ff

  • SHA1

    3228f440838a43bf7863d99438d9c288dd3ee8a6

  • SHA256

    42755e0fbbf9c46c82c1777d4068e32ffa36c3c4b5f6e3580094286f8985f9f2

  • SHA512

    f80971069f357a691a639b675b399ac2bc80e62a85aec188168232dc9c84ffcd76f52cd173c5e039994d587fdd62ec3848782746999c3d8eece21f323f823fc2

  • SSDEEP

    24576:zQ5aILMCfmAUjzX677WOMc7qzz1IojVD0UOSQCM0:E5aIwC+Agr6twjVDT

Targets

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
