General

  • Target

    38548170f375e58f7393c481ca008700_NeikiAnalytics

  • Size

    928KB

  • Sample

    240511-znffwsgf41

  • MD5

    38548170f375e58f7393c481ca008700

  • SHA1

    cc010d0faedbfb749aabc4627512ddc04deb13ec

  • SHA256

    46fa46f497cc0ef78f922f31b30c058c0cab4eda8c94f5ff0e137a272a4700d5

  • SHA512

    3f87e2eb21fc39c8d5d43f846fbf15b8afb86120e03655bc2289a4f65df006c13e507d8c6afe532ad4daf968a38e3f6c5f7a7f0badc7d845cb367887e6bba81a

  • SSDEEP

    12288:zJB0lh5aILwtFPCfmAUtFC6NXbv+GEBQqtGSsGa60C+4PMAQNhW4L1BB3eWj:zQ5aILMCfmAUjzX6xQtjmsNLBSO

Targets

    • Target

      38548170f375e58f7393c481ca008700_NeikiAnalytics

    • Size

      928KB

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
