kpot | c67752825726fbb0bde78631f61578a1a84a048cae434a822e23dfe680ac11cd | Triage

Resubmissions

08-10-2024 04:56

241008-fk1g4szdlr 10

29-09-2024 13:09

240929-qeaplswakm 10

Sharing

General

Target

c67752825726fbb0bde78631f61578a1a84a048cae434a822e23dfe680ac11cd
Size

1.2MB
Sample

240929-qeaplswakm
MD5

a75e5ec8cb970751e03e89715d9376dd
SHA1

757552baa41f16654dabeb2a0931ce27b65c4426
SHA256

c67752825726fbb0bde78631f61578a1a84a048cae434a822e23dfe680ac11cd
SHA512

b9d35cd5fb15c42741e0e05f8e7bd99d17468ec4d36e3297e37edbe6162b84a23327d026b98d3279c354c0f3faa8735410fc342a8694dc1c5c820196139b9f5e
SSDEEP

24576:zQ5aILMCfmAUjzX6xQtjmssdqex1hl+dZXM:E5aIwC+Agr6StYCXM

Score

10^/10

kpot trickbot banker discovery evasion execution stealer trojan

Malware Config

Targets

- Target
  
  c67752825726fbb0bde78631f61578a1a84a048cae434a822e23dfe680ac11cd
- Size
  
  1.2MB
- MD5
  
  a75e5ec8cb970751e03e89715d9376dd
- SHA1
  
  757552baa41f16654dabeb2a0931ce27b65c4426
- SHA256
  
  c67752825726fbb0bde78631f61578a1a84a048cae434a822e23dfe680ac11cd
- SHA512
  
  b9d35cd5fb15c42741e0e05f8e7bd99d17468ec4d36e3297e37edbe6162b84a23327d026b98d3279c354c0f3faa8735410fc342a8694dc1c5c820196139b9f5e
- SSDEEP
  
  24576:zQ5aILMCfmAUjzX6xQtjmssdqex1hl+dZXM:E5aIwC+Agr6StYCXM
Score

10^/10

kpot trickbot banker discovery evasion execution stealer trojan
- KPOT
  KPOT is an information stealer that steals user data and account credentials.
  trojan stealer kpot
- KPOT Core Executable
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Loads dropped DLL
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

kpottrickbotbankerdiscoveryevasionexecutionstealertrojan

behavioral2

kpottrickbotbankerdiscoverystealertrojan