General

  • Target

    67f44c99cb965cb09a57f34219574980_NeikiAnalytics

  • Size

    1.2MB

  • Sample

    240511-dqergsch84

  • MD5

    67f44c99cb965cb09a57f34219574980

  • SHA1

    300f912bb44ca16f3fd0a1178099b8f096874063

  • SHA256

    f6ccfbafa1708d75fdec85aa70fd3359a58eadfe21583eb0e85f4b694d78eaff

  • SHA512

    6e23cc6cb1c8b556cd928d42d0d6f28ce129b9ed7cdfbed36ffd157371d3f346c8f6e590a3aa70c6f399beebe6486f6ec499b4c6ca51fc73cf7e32c758668762

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQGCZLFdGm1SdrzRjVYaQ/n2lbcMfcF/LO:E5aIwC+Agr6S/FYqOc2J

Malware Config

Targets

    • Target

      67f44c99cb965cb09a57f34219574980_NeikiAnalytics

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
