General

  • Target

    virussign.com_6958b986f61f8db955032037f465cb80.vir

  • Size

    1.0MB

  • Sample

    240528-xe5cjsff9y

  • MD5

    6958b986f61f8db955032037f465cb80

  • SHA1

    df217916161628aac430b98a8784d340d4498913

  • SHA256

    23a65c70dda70d5395d156dea36ff5bb3374c2b566cb7446e9efc5609ff123d3

  • SHA512

    28894648aafbf99894d01df4a0a5ada3d99ab22c82032a98521c6cbc3e6d55a712ee7bcc6b7afb77fb4e419b5642a48e95016329e5723d51693c7ebcec39ff82

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQ0+wCIygDsAUSTsU9BRsX:E5aIwC+Agr6SNasosX

Targets

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
