MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c924fac27782f8fe06953db60d0b7c4210f34e2156631aacc554877a3ee74e6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



KPOTStealer


Vendor detections: 3



SHA256 hash: 6c924fac27782f8fe06953db60d0b7c4210f34e2156631aacc554877a3ee74e6
SHA3-384 hash: 3f4ff0e1bb0125b8f2ff26d670a7f519c4f249d18a8f1db35b73a3330a6f06027c4058c9bfebc0709208c63736997c24
SHA1 hash: 37044b10afbc5b81e826157fefbb665afc654485
MD5 hash: 4301104560380062b61f344050e8041f
humanhash: twelve-seven-bacon-lima
File name: New COVID-19 Dealership Safety rules From Government.pdf.gz
Signature: KPOTStealer
File size: 145'147 bytes
First seen: 2020-06-03 11:28:34 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 3072:72xmI6O1fJioYkMZS4Ce5xt0WP3wpCp+O8GYEyJf:7/Mi1kWC6EWYkp+GYEyt
TLSH: 53E312CBFD04FFC358A711FADA80B968E420499F5389899C0B605B6DCD24FB89938874
Reporter: abuse_ch
Tags: COVID-19 geo gz KPOTStealer ZAF


abuse_ch
Malspam distributing KPOTStealer:

HELO: host.sasasovic.com
Sending IP: 199.217.117.135
From: public@rmi.org.za
Subject: New COVID-19 Dealership Safety rules From Government
Attachment: New COVID-19 Dealership Safety rules From Government.pdf.gz (contains "New COVID-19 Dealership Safety rules From Government.pdf.exe")

KPOTStealer C2:
http://freelacerinc.ru/ZIfNQs9F0vOGQtOS/util.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Grp
Status: Malicious
First seen: 2020-06-03 11:37:42 UTC
File Type: Binary (Archive)
Extracted files: 35
AV detection: 19 of 48 (39.58%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

KPOTStealer

gz 6c924fac27782f8fe06953db60d0b7c4210f34e2156631aacc554877a3ee74e6

(this sample)

  
Dropping: KPOTStealer
Delivery method: Distributed via e-mail attachment
