General

  • Target

    421f4badffebd49f0874750970f08f30_NeikiAnalytics

  • Size

    998KB

  • Sample

    240509-qh3vkaec74

  • MD5

    421f4badffebd49f0874750970f08f30

  • SHA1

    66c6c5fd04577802b4236b2ad79312957abce940

  • SHA256

    220aac15f29396d222f3963ce6ee84be746989e8b6815759e82bfc707c8b0333

  • SHA512

    ef63600045fdaec212dc70a05e6b567909426d09a697ebb8f1f02876847b6876ca4c75f790326a55c5b1852daebc2d21655cb8ee45ca495b0ed784815cfa1eff

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQ0+wCIygDsAUkhmZpI:E5aIwC+Agr6SNbE

Targets

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
