General

  • Target

    63dd50459022417355a344051addbb40_NEAS

  • Size

    926KB

  • Sample

    240507-nzyaasef2y

  • MD5

    63dd50459022417355a344051addbb40

  • SHA1

    0c63375768c07404e70aa5af77061d6cc2f4b901

  • SHA256

    b9099e6b5cb7a631aef9551575a83e5f5b7bf5121bdd76ee7f96c50155e63753

  • SHA512

    135710986db626bdf75834ff9779d130d59f63d5afb6df7e45addc6d321154a57176d8a526ff314779c531660e556ab1de50c943392689a7a66943267cf92c08

  • SSDEEP

    12288:zJB0lh5aILwtFPCfmAUtFC6NXbv+GEBQqtGSsGa60C+4PMAQNhW4L+OR9a:zQ5aILMCfmAUjzX6xQtjmsNLRu

Targets

    • Target

      63dd50459022417355a344051addbb40_NEAS

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
