kpot | c67752825726fbb0bde78631f61578a1a84a048cae434a822e23dfe680ac11cd | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

c677528257...cd.exe

windows7-x64

c677528257...cd.exe

windows10-2004-x64

Resubmissions

08/10/2024, 04:56 UTC

241008-fk1g4szdlr 10

29/09/2024, 13:09 UTC

240929-qeaplswakm 10

Sharing

General

Target

c67752825726fbb0bde78631f61578a1a84a048cae434a822e23dfe680ac11cd
Size

1.2MB
Sample

240929-qeaplswakm
MD5

a75e5ec8cb970751e03e89715d9376dd
SHA1

757552baa41f16654dabeb2a0931ce27b65c4426
SHA256

c67752825726fbb0bde78631f61578a1a84a048cae434a822e23dfe680ac11cd
SHA512

b9d35cd5fb15c42741e0e05f8e7bd99d17468ec4d36e3297e37edbe6162b84a23327d026b98d3279c354c0f3faa8735410fc342a8694dc1c5c820196139b9f5e
SSDEEP

24576:zQ5aILMCfmAUjzX6xQtjmssdqex1hl+dZXM:E5aIwC+Agr6StYCXM

Score

10^/10

kpot trickbot banker discovery evasion execution stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

c67752825726fbb0bde78631f61578a1a84a048cae434a822e23dfe680ac11cd.exe

Resource

win7-20240708-en

kpot trickbot banker discovery evasion execution stealer trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

c67752825726fbb0bde78631f61578a1a84a048cae434a822e23dfe680ac11cd.exe

Resource

win10v2004-20240802-en

kpot trickbot banker discovery stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  c67752825726fbb0bde78631f61578a1a84a048cae434a822e23dfe680ac11cd
- Size
  
  1.2MB
- MD5
  
  a75e5ec8cb970751e03e89715d9376dd
- SHA1
  
  757552baa41f16654dabeb2a0931ce27b65c4426
- SHA256
  
  c67752825726fbb0bde78631f61578a1a84a048cae434a822e23dfe680ac11cd
- SHA512
  
  b9d35cd5fb15c42741e0e05f8e7bd99d17468ec4d36e3297e37edbe6162b84a23327d026b98d3279c354c0f3faa8735410fc342a8694dc1c5c820196139b9f5e
- SSDEEP
  
  24576:zQ5aILMCfmAUjzX6xQtjmssdqex1hl+dZXM:E5aIwC+Agr6StYCXM
Score

10^/10

kpot trickbot banker discovery evasion execution stealer trojan
- KPOT
  KPOT is an information stealer that steals user data and account credentials.
  trojan stealer kpot
- KPOT Core Executable
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Loads dropped DLL
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

kpottrickbotbankerdiscoveryevasionexecutionstealertrojan

behavioral2

kpottrickbotbankerdiscoverystealertrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.