General

  • Target

    af2ac746fb51132aa5d6266e68ab5830_NeikiAnalytics.exe

  • Size

    1.5MB

  • Sample

    240604-n2zk5sfg46

  • MD5

    af2ac746fb51132aa5d6266e68ab5830

  • SHA1

    036df319006a04f641beb7995650102d1f58703d

  • SHA256

    7ea178255387aef33cdfaefa90c45637bd746d1779d2343c7d9f829041197cf0

  • SHA512

    561b9245d36884b8cd2fbebab8d72544cae149c8f45cc59b927e56f82f2987bf0f698e182c0d57c70fd9bb4aafae646b923165f36be638890aa8d20086a5d053

  • SSDEEP

    24576:zQ5aILMCfmAUjzX677WOMcT/X2dI7T2FAoUcUOp6doF5ES/oko23JS1++:E5aIwC+Agr6tdlmU1/eoh25i

Targets

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
