General

  • Target

    156c234b57c6f22255863b738bdb5370_NeikiAnalytics.exe

  • Size

    1.3MB

  • Sample

    240516-xleepsbb86

  • MD5

    156c234b57c6f22255863b738bdb5370

  • SHA1

    a931f49a8b95653c845ccdadbc0bb5a1b448c4f2

  • SHA256

    955788f46f958730e9b9a3bfa4ae8812935fb1a5e4e223dc624a52f1ac2dd35b

  • SHA512

    672b195c773fcc65209bcbf2f3337ddfcb9c15334c4090ac4ef3a9834839328f74a3f9d3638b571a0d4e1dbbafc8d090f237e362368357e4f02ca46c11fbcb6c

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQ0+wCIygDsA7svKzMhvHa5eJ0K+5FY:E5aIwC+Agr6SNvFMs+LY

Targets

    • Target

      156c234b57c6f22255863b738bdb5370_NeikiAnalytics.exe

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
