MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 855df8ea53324c9586b709096cfa75eee7861ab887d8b15f801fca717337abff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: KPOTStealer
Vendor detections: 3

SHA256 hash: 855df8ea53324c9586b709096cfa75eee7861ab887d8b15f801fca717337abff
SHA3-384 hash: 6c5c1c9eacf4add83daea0a434c78ad1ee5b85a79e58ddfc83e5d9efed334a2a3ece1cce4bfc3319dfcfd3432f2fe8a8
SHA1 hash: 19ed8edca08b190a880890cff2abb277d93060fc
MD5 hash: 44184911454ad8c4666e2b5da109ac79
humanhash: king-eighteen-king-don
File name: Letter of demand Overdue Invoice.pdf.gz
Signature: KPOTStealer
File size: 129'443 bytes
First seen: 2020-06-02 10:16:56 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 3072:AtfR2vngM4eh2JfEBH0t+XK6MLfJUdA8WgJExqIpLBHOME4ym:bgMLsJfEOtEZMLfoDb7IpdHOME4ym
TLSH: 8BC312DFB8F0A46B0F7BBE9AE055D1D98CE0F598EDB929660F10C547A566B0E4730308
Reporter: abuse_ch
Tags: gz, KPOTStealer


Comment by abuse_ch:
Malspam distributing KPOTStealer:

HELO: host.sasasovic.com
Sending IP: 199.217.117.135
From: admin@debtsource.co.za
Subject: Letter of demand (Overdue Invoice): Urgent response recommended
Attachment: Letter of demand Overdue Invoice.pdf.gz (contains "Letter of demand Overdue Invoice.pdf.exe")

KPOTStealer C2:
http://privatesurb.cn/MXeDKTGhMhMYUisz/login.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-02 10:37:08 UTC
AV detection: 19 of 48 (39.58%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: KPOTStealer
    gz 855df8ea53324c9586b709096cfa75eee7861ab887d8b15f801fca717337abff (this sample)
Dropping: KPOTStealer
Delivery method: Distributed via e-mail attachment