General

  • Target

    12846998624532f99e5b2875a3b0c4f0_NEIKI

  • Size

    1.0MB

  • Sample

    240508-xnwrrsab6z

  • MD5

    12846998624532f99e5b2875a3b0c4f0

  • SHA1

    812aecefdb659ef8e31e85f31bbd6eba7a36c509

  • SHA256

    941e0bcaee7af2826dfecd626a9bc95f507e41cbeac913abd0299cc89dad1480

  • SHA512

    981b2f74780a2908adf506f9ee31021bc265086b810568298fe206f10843178cca19eb283b8cfbf21828f337afa123774261336349a3c531513c65d249d42200

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQtpj/Yz6XVSvmHaZ9uvCB4NQb:E5aIwC+Agr6St1lOqIugMQb

Targets

    • Target

      12846998624532f99e5b2875a3b0c4f0_NEIKI

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
