kpot | 62694bbe5ad0c4c86a70aa3b5b1040ce46f22d0a99dd24f888d26ca40963664c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

ed0dff21d7...95.exe

windows7-x64

ed0dff21d7...95.exe

windows10-2004-x64

Resubmissions

21/02/2025, 18:36 UTC

250221-w9cqcaxka1 10

16/02/2025, 02:22 UTC

250216-ctwzhaxpay 10

08/02/2025, 06:14 UTC

250208-gzk7ea1paj 10

04/02/2025, 20:34 UTC

250204-zcnm5aspgm 10

25/04/2024, 20:09 UTC

240425-yw88haea81 10

Sharing

General

Target

240425-fk3mgafh5y_pw_infected.zip
Size

745KB
Sample

250216-ctwzhaxpay
MD5

375f80aab9541b5393db255a2b60b882
SHA1

269709c0ea2b575d71efa2f38747ad3922fdcb4b
SHA256

62694bbe5ad0c4c86a70aa3b5b1040ce46f22d0a99dd24f888d26ca40963664c
SHA512

14a8fe74d25634f3f0857198be52f753690cc880b1a3ace2ef3242361fc0049d5689ba868ea6c5eb5fa0c15da21c50c9513d3c829cfe37d00ef2af27dff5f31d
SSDEEP

12288:92mOocMZ/1k1NYtCoUxr6+23mYw+Y9Xfin4JPJ+nTYajDyRDBD+RmUTwf+QuwwQ8:AH6MNkdU1qvYVUqBkh/XTFQuJQOUY

Score

10^/10

kpot trickbot banker defense_evasion discovery evasion execution stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

ed0dff21d7247a770dec0768a3da95fdd38bf9e0ca2673ab8cabfcc2352f7b95.exe

Resource

win7-20250207-en

kpot trickbot banker defense_evasion discovery evasion execution stealer trojan

windows7-x64

21 signatures

900 seconds

Behavioral task

behavioral2

Sample

ed0dff21d7247a770dec0768a3da95fdd38bf9e0ca2673ab8cabfcc2352f7b95.exe

Resource

win10v2004-20250211-en

kpot trickbot banker discovery stealer trojan

windows10-2004-x64

15 signatures

900 seconds

Malware Config

Targets

- Target
  
  ed0dff21d7247a770dec0768a3da95fdd38bf9e0ca2673ab8cabfcc2352f7b95
- Size
  
  1.2MB
- MD5
  
  02c54b72e71ea65747180a14c84a2ca1
- SHA1
  
  0ff7516737a6790bbe4875a8a5c98fe20a1d1576
- SHA256
  
  ed0dff21d7247a770dec0768a3da95fdd38bf9e0ca2673ab8cabfcc2352f7b95
- SHA512
  
  2aa8bfa5f1052a19247de879a1e3b14b81ffede11214ae047c3df4bf0477697a61c9392ed1cbab165ad682136db8ca23ab358a57223765e458fe079d4188b5e0
- SSDEEP
  
  24576:zQ5aILMCfmAUjzX6xQGCZLFdGm1Sd8zG7u75+FmVf69AlRmRHJ:E5aIwC+Agr6S/FEAGsji6lRip
Score

10^/10

kpot trickbot banker defense_evasion discovery evasion execution stealer trojan
- KPOT
  KPOT is an information stealer that steals user data and account credentials.
  trojan stealer kpot
- KPOT Core Executable
- Kpot family
  kpot
- Modifies Windows Defender DisableAntiSpyware settings
  evasion trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Downloads MZ/PE file
- Stops running service(s)
  defense_evasion execution
- Executes dropped EXE
- Loads dropped DLL
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

kpottrickbotbankerdefense_evasiondiscoveryevasionexecutionstealertrojan

behavioral2

kpottrickbotbankerdiscoverystealertrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.