General

  • Target

    0510379b1a0c98acaff19822f66f1440_NeikiAnalytics

  • Size

    866KB

  • Sample

    240511-p17qssge91

  • MD5

    0510379b1a0c98acaff19822f66f1440

  • SHA1

    615722e9c8d590c75818a0cedb218ec8e9edc997

  • SHA256

    42df2afef67ef8c0d740c3dd8e20da21b804e0ee5b0f9a4e02bee837eeeb8a65

  • SHA512

    2e9f2c12e95282f7f14da7d0acb915296bedae1735727d2459ba973df172bbd5692a5c6f220cf1e70620da0a904fa0346da1bfe4ac2576c2f00e7bd146000bb6

  • SSDEEP

    12288:zJB0lh5aILwtFPCfmAUtFC6NXbv+GEBQqtGSsGa60C+4PMAQBnmC:zQ5aILMCfmAUjzX6xQtjmssC

Targets

    • Target

      0510379b1a0c98acaff19822f66f1440_NeikiAnalytics

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
