General

  • Target

    9ce2af15fe90a8239249407469ca4dbab936c87243e2c7205c1b505794f82412

  • Size

    1.2MB

  • Sample

    240515-bctmdahc2y

  • MD5

    b29d2508ff170d49747a0d173635e918

  • SHA1

    09d76d17809922cac31558833efe36438e7b9c54

  • SHA256

    9ce2af15fe90a8239249407469ca4dbab936c87243e2c7205c1b505794f82412

  • SHA512

    9d66ee0e6cfe338d0ecad83a9eb86e4367793801f1a66953ba9fbfeff2bda847eb4e0769bd0b75445909d1ea79142865837ed50741bfaa2476b7370e9a3b1d8b

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQt+4En+bcMAOFZ+jJ/1q0GrbcUxnMj0K:E5aIwC+Agr6StVEnmcKWnq0vljt

Malware Config

Targets

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks