kpot | 8f965b3033db6749d0db32472abc5abc5854f4f486dab21ff386ba14c9f443fa | Triage

Submit
Reports

Overview

overview

Static

static

8f965b3033...fa.exe

windows7-x64

8f965b3033...fa.exe

windows10-2004-x64

Sharing

General

Target

8f965b3033db6749d0db32472abc5abc5854f4f486dab21ff386ba14c9f443fa
Size

1.0MB
Sample

240913-m8c52szamg
MD5

470379d2f9287b0a493703e10c4946ee
SHA1

b97f7039a90b62bf49116ce06fb54abf2a09eda5
SHA256

8f965b3033db6749d0db32472abc5abc5854f4f486dab21ff386ba14c9f443fa
SHA512

fd1f0e0998123ad34bdd6b9de368851169a022b4124fb09c92af07e24a12dc37b0a3de35cdf3e1e1eef57f133f02df6e29d011d97c1a5d0a26aed1f85d28ecf2
SSDEEP

24576:zQ5aILMCfmAUjzX6xQGCZLFdGm13J/NuhGPe:E5aIwC+Agr6S/FpJpm

Score

10^/10

kpot trickbot banker discovery evasion execution stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

8f965b3033db6749d0db32472abc5abc5854f4f486dab21ff386ba14c9f443fa.exe

Resource

win7-20240903-en

kpot trickbot banker discovery evasion execution stealer trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

8f965b3033db6749d0db32472abc5abc5854f4f486dab21ff386ba14c9f443fa.exe

Resource

win10v2004-20240802-en

kpot trickbot banker discovery stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  8f965b3033db6749d0db32472abc5abc5854f4f486dab21ff386ba14c9f443fa
- Size
  
  1.0MB
- MD5
  
  470379d2f9287b0a493703e10c4946ee
- SHA1
  
  b97f7039a90b62bf49116ce06fb54abf2a09eda5
- SHA256
  
  8f965b3033db6749d0db32472abc5abc5854f4f486dab21ff386ba14c9f443fa
- SHA512
  
  fd1f0e0998123ad34bdd6b9de368851169a022b4124fb09c92af07e24a12dc37b0a3de35cdf3e1e1eef57f133f02df6e29d011d97c1a5d0a26aed1f85d28ecf2
- SSDEEP
  
  24576:zQ5aILMCfmAUjzX6xQGCZLFdGm13J/NuhGPe:E5aIwC+Agr6S/FpJpm
Score

10^/10

kpot trickbot banker discovery evasion execution stealer trojan
- KPOT
  KPOT is an information stealer that steals user data and account credentials.
  trojan stealer kpot
- KPOT Core Executable
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Loads dropped DLL
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

kpottrickbotbankerdiscoveryevasionexecutionstealertrojan

behavioral2

kpottrickbotbankerdiscoverystealertrojan

© 2018-2024

Terms | Privacy