General

  • Target

    a76a68e70ed9001d8b8de44ee401f9e0_NeikiAnalytics

  • Size

    847KB

  • Sample

    240510-jsh5ksbe9z

  • MD5

    a76a68e70ed9001d8b8de44ee401f9e0

  • SHA1

    405b35db4cc02bff42ae2b3d1dfb01ec5ebc8a34

  • SHA256

    ab33a217d08d3824233cbed661bf4a294838ed246fa0a43d8c0e52d25bc53924

  • SHA512

    62fe7905e87696e56ca715fe88b250aeaa088d01ccaf223228cc8dc6ddd8f3c326b5e8a2b1f3cc751fa92fe55b5256aa8eacc7251f735e0ea84c73a0c2fe7eab

  • SSDEEP

    12288:zJB0lh5aILwtFPCfmAUtFC6NXbv+GEBQqtGSs9U3NL9WEEoLPw9IUMOKg:zQ5aILMCfmAUjzX6xQt9U3917Lw/zx

Targets

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
