General

  • Target: 240517-sllrkadf35_pw_infected.zip
  • Size: 770KB
  • Sample: 240517-snhspadf98
  • MD5: 7d876c080d274ef978d2b2daf4347dcf
  • SHA1: fdf7775aaca079a0bee7929d5bd3a5686add4b7e
  • SHA256: 011401111bf477e0883ee01fbd792f858f2dde4a629138fd2130b375d3481c8f
  • SHA512: 078cc8f97b4ff3d5c66f9ca9fd9e02a723b4b0d2f1dec4501057dea6ffd5349583099f33449ac7bf7f8e0c845fdbde7b14d6c09b7ed8b989fd23130c63a8605d
  • SSDEEP: 12288:05afvci0ZjzP7TJaCs0TwGDsDYM6KhaLApPzNSQGRli+XYuVZby36piyh37eO:0Kvnw8CnTwOsDiSRpZsRli+nVtGyzIO

Malware Config

Targets

    • Target: ed8957c3fd817ef52ae025a66aa42180_NeikiAnalytics.exe
    • Size: 1.2MB
    • MD5: ed8957c3fd817ef52ae025a66aa42180
    • SHA1: e9a6037089f6a064546d00325062627ea11c7b75
    • SHA256: efbd6d8ec6ef782d65154ed360a81fe4f406285c1523214a41ed350420ee4fd4
    • SHA512: 199edc5760480a0db650d534fa90366acca7e26c5309cb0fe90e09c8afab321375d7e6520b352218ce869458893fe6e02792491d3b0275d7567ea9d6aae01585
    • SSDEEP: 24576:zQ5aILMCfmAUjzX6xQGCZLFdGm1SdrzRjVYaQ/n2lbcMfcz5lb:E5aIwC+Agr6S/FYqOc2e

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks