Overview

overview

10

Static

static

10

3784a3a2be...cs.exe

windows7-x64

10

3784a3a2be...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3784a3a2be550d859b28be0f9c7c7960_NeikiAnalytics.exe

  • Size

    1.3MB

  • Sample

    240528-hm5kyshh6z

  • MD5

    3784a3a2be550d859b28be0f9c7c7960

  • SHA1

    f6f503654a065dbc035e363df148b09c3b3452d4

  • SHA256

    d76d4465e13dcd53ae6fbe5c95303a0238d050cbe92bb4367c6fc68451210088

  • SHA512

    0212b8e42461259ab59c7fef6c3935d10830ba40bd7c5a468f02201e94cbbeeeab6ed21a5c2288a2a5bcaf30ffc396d53fd7e70b5f3456b3c901303dfa6f5ceb

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQGCZLFdGm1SdrzRjVYaQ/n2lbcMfcz5l8uF:E5aIwC+Agr6S/FYqOc2Z2

Score
10/10
kpottrickbotbankerevasionexecutionstealertrojan

Malware Config

Targets

    • Target

      3784a3a2be550d859b28be0f9c7c7960_NeikiAnalytics.exe

    • Size

      1.3MB

    • MD5

      3784a3a2be550d859b28be0f9c7c7960

    • SHA1

      f6f503654a065dbc035e363df148b09c3b3452d4

    • SHA256

      d76d4465e13dcd53ae6fbe5c95303a0238d050cbe92bb4367c6fc68451210088

    • SHA512

      0212b8e42461259ab59c7fef6c3935d10830ba40bd7c5a468f02201e94cbbeeeab6ed21a5c2288a2a5bcaf30ffc396d53fd7e70b5f3456b3c901303dfa6f5ceb

    • SSDEEP

      24576:zQ5aILMCfmAUjzX6xQGCZLFdGm1SdrzRjVYaQ/n2lbcMfcz5l8uF:E5aIwC+Agr6S/FYqOc2Z2

    Score
    10/10
    kpottrickbotbankerevasionexecutionstealertrojan

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

      trojanstealerkpot

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks