kpot | 4a70b3600618e9f49c0c952e7a09115e57c72d8c304384363d0dbab46eef2f3a | Triage

Submit
Reports

Overview

overview

Static

static

6aa56c8f91...0N.exe

windows7-x64

6aa56c8f91...0N.exe

windows10-2004-x64

Sharing

General

Target

6aa56c8f915c15b7d4a9aab9e30af870N.exe
Size

861KB
Sample

240807-fs1g3ssaqp
MD5

6aa56c8f915c15b7d4a9aab9e30af870
SHA1

66cd3ad17fa323d51f00ce852cbd3266b28c42ad
SHA256

4a70b3600618e9f49c0c952e7a09115e57c72d8c304384363d0dbab46eef2f3a
SHA512

c0357c25a4d3b8a32b5baadd3708787eb6486f5dd185b6b42c9431cc9bfbc02ee184f528dcfb102dbd91a6fd1346f21257b5e2a7dd3ae65beaa729c1eabf8cc2
SSDEEP

12288:zJB0lh5aILwtFPCfmAUtFC6NXbv+GEBQGCsksQjn6YHldGm1ufSD8Gl/ht:zQ5aILMCfmAUjzX6xQGCZLFdGm13J/ht

Score

10^/10

kpot trickbot banker discovery evasion execution stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

6aa56c8f915c15b7d4a9aab9e30af870N.exe

Resource

win7-20240704-en

kpot trickbot banker discovery evasion execution stealer trojan

windows7-x64

16 signatures

120 seconds

Behavioral task

behavioral2

Sample

6aa56c8f915c15b7d4a9aab9e30af870N.exe

Resource

win10v2004-20240802-en

kpot trickbot banker discovery stealer trojan

windows10-2004-x64

10 signatures

120 seconds

Malware Config

Targets

- Target
  
  6aa56c8f915c15b7d4a9aab9e30af870N.exe
- Size
  
  861KB
- MD5
  
  6aa56c8f915c15b7d4a9aab9e30af870
- SHA1
  
  66cd3ad17fa323d51f00ce852cbd3266b28c42ad
- SHA256
  
  4a70b3600618e9f49c0c952e7a09115e57c72d8c304384363d0dbab46eef2f3a
- SHA512
  
  c0357c25a4d3b8a32b5baadd3708787eb6486f5dd185b6b42c9431cc9bfbc02ee184f528dcfb102dbd91a6fd1346f21257b5e2a7dd3ae65beaa729c1eabf8cc2
- SSDEEP
  
  12288:zJB0lh5aILwtFPCfmAUtFC6NXbv+GEBQGCsksQjn6YHldGm1ufSD8Gl/ht:zQ5aILMCfmAUjzX6xQGCZLFdGm13J/ht
Score

10^/10

kpot trickbot banker discovery evasion execution stealer trojan
- KPOT
  KPOT is an information stealer that steals user data and account credentials.
  trojan stealer kpot
- KPOT Core Executable
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Loads dropped DLL
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

kpottrickbotbankerdiscoveryevasionexecutionstealertrojan

behavioral2

kpottrickbotbankerdiscoverystealertrojan

© 2018-2024

Terms | Privacy