General

  • Target

    08ad6eb7fef38a9c065a688fd4344f1ff45cd1e39f5369a5ba32afedffc076c3_NeikiAnalytics

  • Size

    1.4MB

  • Sample

    240521-gg3zhaeh34

  • MD5

    98143cf3aafa5f8f370d552fb99fe360

  • SHA1

    67cc505864cf76a4a448c77230fbb9686be993c6

  • SHA256

    08ad6eb7fef38a9c065a688fd4344f1ff45cd1e39f5369a5ba32afedffc076c3

  • SHA512

    4462b54386fc45613be421b4f366ccc86ba592334e18d7952c5ea03801ac1c39526c4ea07e80203708a3ce8eb631478485f095ac50bebaa8691aff45fb1c442f

  • SSDEEP

    24576:zQ5aILMCfmAUjzX677WOMcT/X2dI7T2FAoUcUOp6doF5ES/mfuOdfHhGEi:E5aIwC+Agr6tdlmU1/eHKO

Malware Config

Targets

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • System Services (T1569)

    • Service Execution (T1569.002)

Persistence

  • Create or Modify System Process (T1543)

    • Windows Service (T1543.003)

Privilege Escalation

  • Create or Modify System Process (T1543)

    • Windows Service (T1543.003)

Defense Evasion

  • Impair Defenses (T1562)

Discovery

  • Query Registry (T1012)

Impact

  • Service Stop (T1489)

Tasks