General

  • Target

    48b094e75ad96dd163e58e8e9fdfef00_NEIKI

  • Size

    1.0MB

  • Sample

    240508-zjptrsef7w

  • MD5

    48b094e75ad96dd163e58e8e9fdfef00

  • SHA1

    3a1c30679b45216e7ca3096aa56bee6491da0984

  • SHA256

    7a85cb7ce959e54108f9e5084f56d140f6c478b989fc932507ff564d924f5795

  • SHA512

    9322bdb5dcb87046810da75e51fd4110729541e71ce075c8d1ba01ed89a2ff8890b72b3ebb747b8e40688153a88df391ce0a7c776dac5b4af4831ecbdc188f2d

  • SSDEEP

    12288:zJB0lh5aILwtFPCfmAUtFC6NXbv+GEBQqtGSsfUhQEsBLKR0ox5r93g1aKnH1t1N:zQ5aILMCfmAUjzX6xQtNBMtOFe2

Targets

    • Target

      48b094e75ad96dd163e58e8e9fdfef00_NEIKI

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
