General

  • Target

    436ec7db1b32c8ebb61ab05f988c3400_NeikiAnalytics.exe

  • Size

    1008KB

  • Sample

    240528-pg46kach6s

  • MD5

    436ec7db1b32c8ebb61ab05f988c3400

  • SHA1

    f3bff92c1a462adbfa49a6cc30bb09359b022b89

  • SHA256

    002f95bc9c8f1fe60cdad769e19a79acd77676abc83819e7efbbdfb76844322d

  • SHA512

    1b8e9d2da43285c2e7bb89c5713f5302e52a9b264877af1a74943a5f38d8e313c13edcb7eab6d68d04b139ec47aac8e5431c9a80a3ceb5407758db3b558755af

  • SSDEEP

    12288:zJB0lh5aILwtFPCfmAUtFC6NXbv+GEs1HzCHT4TlM9YmJ2Q97v54yRnkQgVfDN:zQ5aILMCfmAUjzX6T0TlOnvPyQCfx

Targets

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
