General

  • Target

    f57e393d663546598fa95e6ae684b8c0_NeikiAnalytics.exe

  • Size

    1.3MB

  • Sample

    240519-t6rc8afg85

  • MD5

    f57e393d663546598fa95e6ae684b8c0

  • SHA1

    3854af9798bcb901889a70e9a3fc4b2c6add4ead

  • SHA256

    6e67ebd342080ea5f9021681d053408dcda5abde55ca5a5bb1e9515744694f89

  • SHA512

    28c8e46da37825c47db2ea9024aedb73b09c7c81f775db67a51ca31b0ecbd56419d387cafd11b7493c656c1cc147ea9d4d1f0b7cea170ab3ff4914b1131cb0f1

  • SSDEEP

    24576:zQ5aILMCfmAUjzX677WOMc7qzz1IojVD0n7:E5aIwC+Agr6twjVDO7

Targets

    • Target

      f57e393d663546598fa95e6ae684b8c0_NeikiAnalytics.exe

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
