MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 84e8dfd9c9b05535d47f0d3fc902511c352a62d9f7a214f0256c7cf1481aa070. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


KPOTStealer


Vendor detections: 4


Intelligence 4 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 84e8dfd9c9b05535d47f0d3fc902511c352a62d9f7a214f0256c7cf1481aa070
SHA3-384 hash: 2974f49cd6a716656aa3f71d85804f56fcb6cbf8b2e4e0ce8d7a1be03b76b0a86566d553872f2e28700b367bf5a2118f
SHA1 hash: 856fa3218385af60bdad889dcb0baac5e91afc3e
MD5 hash: 6bf2ba4497d61a173697d69f1c6a6874
humanhash: kitten-carbon-beryllium-fish
File name:SecuriteInfo.com.Trojan.PWS.Stealer.25040.742.23829
Download: download sample
Signature KPOTStealer
Create hunting rule
File size:81'408 bytes
First seen:2020-05-11 12:05:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4694bfb0432e6994b8ce3719f948d259 (1 x KPOTStealer)
ssdeep 1536:5P+usQdxmHStgwxF8HBLL/SbCr9BFTpG8JGU8SVTPMVuN:t+usQhWmFIBLL+c9VJrT2VuN
Threatray 68 similar samples on MalwareBazaar
TLSH CE838D53F6E18032E2761B7186DAABB057FEB831117B85D3D6044989BE204A5FF3A743
Reporter SecuriteInfoCom
Tags:KPOTStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Stealer.25040.742.23829.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Ser
Create hunting rule
Status:
Malicious
First seen:
2020-05-09 01:53:08 UTC
File Type:
PE (Exe)
AV detection:
27 of 31 (87.10%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qtun7wojwbktlvd7bu74sasrdq2suywz66rbj4bfnr6pcsa2ubya._file
Verdict:
malicious
Similar samples:
038370e2075789209a637394446041094f3230afdcc2f21e1461675edb6adfbf
KPOTStealer
2a40a9e18303875b2db452783190820001c898e8374864fec29793bf43bbe401
KPOTStealer
52b517b0e9be1efed3349ff5b7e7e4a392881437d7bc9ccd7b94bbc23e28a2f9
KPOTStealer
688ac9fd686d48bc6fec56f27e814c48d7849f548ef14d763dd446b61140c388
KPOTStealer
76c39773f1b2801f46d8856d7ad46b97ef500ac07febec3f0bcf623c326aea87
KPOTStealer
7e118b534abb919903bc15b33f5fe2db15a54f7f39a7abc87c61e4617f35c0d2
KPOTStealer
97d23ffd00c0dd37730804366759beb11de41f3f5d245014e976a57d667a5ccd
KPOTStealer
9ba9dbccef86d6630e4db6c7538eb4043232c7f234c1377eacdaa6543d2b8af3
KPOTStealer
b1d9adc8ee80f24960fb84adbb029695e49763faecbf559f92410d44bf28b0d3
KPOTStealer
ebb20ece00b9d35c26bb797dbbbd6df726473e198a53095cb232dc8042c18d7e
KPOTStealer
+ 58 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware
Link:
https://tria.ge/reports/201109-5pd8ang6wn/
Behaviour
Modifies Internet Explorer settings
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_kpot_stealer_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator
Rule name:win_kpot_stealer_w0
Create hunting rule
Author:Fumik0_
Description:Kpot
Rule name:with_sqlite
Create hunting rule
Author:Julian J. Gonzalez <info@seguridadparatodos.es>
Description:Rule to detect the presence of SQLite data in raw image
Reference:http://www.st2labs.com

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

KPOTStealer

Executable exe 84e8dfd9c9b05535d47f0d3fc902511c352a62d9f7a214f0256c7cf1481aa070

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/360993/
  
Delivery method
Distributed via web download

Comments