General

  • Target

    d20f6874b72bb6e0ecbb77d82d8c9710_NEIKI

  • Size

    1.3MB

  • Sample

    240508-rcd5paad75

  • MD5

    d20f6874b72bb6e0ecbb77d82d8c9710

  • SHA1

    6cd5d1f8437dad187f2b78bf9d675c3aeb8acff8

  • SHA256

    275db0765a0eb16237b55550c8a7e9bda84f98eb39a3ed3c33b054fdd420a3cd

  • SHA512

    58f098690fa8adddaa461cd5032592e39dda56682b9cae3b10ed051e08a9f54f0a2b6940d48509384c41464615d1e52d7a7b6069103a7b661539722c8c0fdbe5

  • SSDEEP

    24576:zQ5aILMCfmAUjzX677WOMc7qzz1IojVD0UOSQ+V:E5aIwC+Agr6twjVDh

Targets

    • Target

      d20f6874b72bb6e0ecbb77d82d8c9710_NEIKI

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
