Overview

overview

10

Static

static

10

6b315d29a2...21.exe

windows7-x64

10

6b315d29a2...21.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6b315d29a2a9fe084d41751191a6711c8f58c7a866ef45aff1725b43af4f0c21

  • Size

    1.3MB

  • Sample

    240514-2l6w6scf26

  • MD5

    6cbe5ae51312f0647c2936096a07a73e

  • SHA1

    71135de3f07d1099b5e7d15507ec686be56df17f

  • SHA256

    6b315d29a2a9fe084d41751191a6711c8f58c7a866ef45aff1725b43af4f0c21

  • SHA512

    65d015e0fdac5e2c121a27c53700acac9c9cd5a93a685321b3cd591cf6e5dfa57a9080754cedb57cd070be33e3e5aa4882b5b359866c407d322eb9f397d6a298

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQGCZLFdGm1SdrzRjVYaQ/n2lbcMfcaSRAg:E5aIwC+Agr6S/FYqOc2nSRv

Score
10/10
kpottrickbotbankerevasionexecutionstealertrojan

Malware Config

Targets

    • Target

      6b315d29a2a9fe084d41751191a6711c8f58c7a866ef45aff1725b43af4f0c21

    • Size

      1.3MB

    • MD5

      6cbe5ae51312f0647c2936096a07a73e

    • SHA1

      71135de3f07d1099b5e7d15507ec686be56df17f

    • SHA256

      6b315d29a2a9fe084d41751191a6711c8f58c7a866ef45aff1725b43af4f0c21

    • SHA512

      65d015e0fdac5e2c121a27c53700acac9c9cd5a93a685321b3cd591cf6e5dfa57a9080754cedb57cd070be33e3e5aa4882b5b359866c407d322eb9f397d6a298

    • SSDEEP

      24576:zQ5aILMCfmAUjzX6xQGCZLFdGm1SdrzRjVYaQ/n2lbcMfcaSRAg:E5aIwC+Agr6S/FYqOc2nSRv

    Score
    10/10
    kpottrickbotbankerevasionexecutionstealertrojan

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

      trojanstealerkpot

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks