kpot | c3ac2cb7506014bb044bd748fb098a86561afe2b7114343543005221a93aa01e | Triage

Resubmissions

23-09-2024 08:07

240923-jz9k4szara 10

22-09-2024 14:12

240922-rh8lgstbrf 10

Sharing

General

Target

c3ac2cb7506014bb044bd748fb098a86561afe2b7114343543005221a93aa01eN
Size

1.5MB
Sample

240923-jz9k4szara
MD5

e83ae2bb70cc2c59c4829d7f7fa88cb0
SHA1

7c0ee8a76e4f2518fb3c67c4a4df4f8566eb7016
SHA256

c3ac2cb7506014bb044bd748fb098a86561afe2b7114343543005221a93aa01e
SHA512

1a143a95ef9d1aeeefa31a851adc65ef1db4ebf2323107eb2f633435fb8358acc70541015caf86c48b44fb8fc95c8669d1585c2935116f173e9d32ce6989051d
SSDEEP

24576:zQ5aILMCfmAUjzX6xQtpj/Yz6XVSvmHaZkI+oq6dTnHv5yIi734DHr0ESjdkMwa7:E5aIwC+Agr6St1lOqq+jCpLWgO

Score

10^/10

kpot trickbot banker discovery evasion execution stealer trojan

Malware Config

Targets

- Target
  
  c3ac2cb7506014bb044bd748fb098a86561afe2b7114343543005221a93aa01eN
- Size
  
  1.5MB
- MD5
  
  e83ae2bb70cc2c59c4829d7f7fa88cb0
- SHA1
  
  7c0ee8a76e4f2518fb3c67c4a4df4f8566eb7016
- SHA256
  
  c3ac2cb7506014bb044bd748fb098a86561afe2b7114343543005221a93aa01e
- SHA512
  
  1a143a95ef9d1aeeefa31a851adc65ef1db4ebf2323107eb2f633435fb8358acc70541015caf86c48b44fb8fc95c8669d1585c2935116f173e9d32ce6989051d
- SSDEEP
  
  24576:zQ5aILMCfmAUjzX6xQtpj/Yz6XVSvmHaZkI+oq6dTnHv5yIi734DHr0ESjdkMwa7:E5aIwC+Agr6St1lOqq+jCpLWgO
Score

10^/10

kpot trickbot banker discovery evasion execution stealer trojan
- KPOT
  KPOT is an information stealer that steals user data and account credentials.
  trojan stealer kpot
- KPOT Core Executable
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

kpottrickbotbankerdiscoveryevasionexecutionstealertrojan