General

  • Target

    53b4a3693af598e83e40f1fac14d8950_NEAS

  • Size

    1013KB

  • Sample

    240507-c9qseshg44

  • MD5

    53b4a3693af598e83e40f1fac14d8950

  • SHA1

    01574d9f3e3d3e602821c9cc1432b3b0752ee06c

  • SHA256

    5e7c6d245a3a0c41f759b46bafbc5cf6ade0744cfc2c4299d3fe0d18201b5f04

  • SHA512

    f4843a4e6ec6a6b9bd405d27575e9a47ee3ed3beab5cbfc6e7740a7ed90431da7e10876170ae74243b266d8b0e95000962178d6ff61a6d8237f3d4d9513fc81c

  • SSDEEP

    12288:zJB0lh5aILwtFPCfmAUtFC6NXbv+GEs1HzCHT4TlM9YmJ2Q97v54yRnkQgVf56:zQ5aILMCfmAUjzX6T0TlOnvPyQCf56

Targets

    • Target

      53b4a3693af598e83e40f1fac14d8950_NEAS

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
