General

  • Target

    99429684149d9c8a06e7ab4e1874c180_NeikiAnalytics

  • Size

    1.4MB

  • Sample

    240511-htkjcscc8s

  • MD5

    99429684149d9c8a06e7ab4e1874c180

  • SHA1

    024103b0de1bdb5f04a2f7472d3fa93a0f3150fd

  • SHA256

    20aadfdd78f20a3e5f05bbd2b523d20effb62590fd465608ff9819aa807eb768

  • SHA512

    7390353a065d921e77c484eb806546f78116168a62d66ee8a14486dce465ae18118d6d29b9c6110494b1ad1d0210a35f699ff5ec58d7a9a0a86c1c6ed436c161

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQtpj/Yz6XVSvmHaZkI+oq6dTnHv5yIi734DHrPyFX7o:E5aIwC+Agr6St1lOqq+jCpLPQo

Malware Config

Targets

    • Target

      99429684149d9c8a06e7ab4e1874c180_NeikiAnalytics

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks