General

  • Target

    e90c4ffe37cf19693954619aebf8ceb0_NeikiAnalytics.exe

  • Size

    1.2MB

  • Sample

    240517-mdd4vsdd7w

  • MD5

    e90c4ffe37cf19693954619aebf8ceb0

  • SHA1

    2bae7038b06dd4d03ab94c0b6cb3173e17252ac1

  • SHA256

    81704ad506dd4b438af15277bf7b7b7195ee44b73d80eb325adab055beb092f7

  • SHA512

    ef09403fa70c2eadb3c4165cb49e170188fdae0f8d410c40f396cd1e4689ce205cb6a41fa58f0139aa8ae436f37fc03558a9fe026db392d60dda43d5e83dcd44

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQt+4En+bcMAOxA5zYlQvmp8RxAb5J6iHsl5Te:E5aIwC+Agr6StVEnmcKxYDvZThTe

Targets

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
