Overview

overview

10

Static

static

10

9082ac7eee...cs.exe

windows7-x64

10

9082ac7eee...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9082ac7eee8fc7d2e85eee55b5f23dc0_NeikiAnalytics

  • Size

    810KB

  • Sample

    240510-g9zsjsga2x

  • MD5

    9082ac7eee8fc7d2e85eee55b5f23dc0

  • SHA1

    734b7c42b6617220beba73475ebf178d1965a0de

  • SHA256

    3df2a4e81c141afc4dc8521769cd3728687041fa3968af7de5dce1e8f6ca13a5

  • SHA512

    290fe12f67328db206d9469b92537e972e0202dcee32b495904324e4764ba8d5dbb079ce8d76cae4bf84e88f8336bcd60c1de6c222cc6ed9ac1357384f4541cc

  • SSDEEP

    12288:zJB0lh5aILwtFPCfmAUtFC6NXbv+GEBQqtGSs9U3NL9WEEoLPw9In+KbH8:zQ5aILMCfmAUjzX6xQt9U3917Lwy+Kj8

Score
10/10
kpottrickbotbankerevasionexecutionstealertrojan

Malware Config

Targets

    • Target

      9082ac7eee8fc7d2e85eee55b5f23dc0_NeikiAnalytics

    • Size

      810KB

    • MD5

      9082ac7eee8fc7d2e85eee55b5f23dc0

    • SHA1

      734b7c42b6617220beba73475ebf178d1965a0de

    • SHA256

      3df2a4e81c141afc4dc8521769cd3728687041fa3968af7de5dce1e8f6ca13a5

    • SHA512

      290fe12f67328db206d9469b92537e972e0202dcee32b495904324e4764ba8d5dbb079ce8d76cae4bf84e88f8336bcd60c1de6c222cc6ed9ac1357384f4541cc

    • SSDEEP

      12288:zJB0lh5aILwtFPCfmAUtFC6NXbv+GEBQqtGSs9U3NL9WEEoLPw9In+KbH8:zQ5aILMCfmAUjzX6xQt9U3917Lwy+Kj8

    Score
    10/10
    kpottrickbotbankerevasionexecutionstealertrojan

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

      trojanstealerkpot

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks