MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d5e1b067602a21d434c7de34f220dc807b971c0208a0ed3d6c97249bf2a4d1b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


KPOTStealer


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9d5e1b067602a21d434c7de34f220dc807b971c0208a0ed3d6c97249bf2a4d1b
SHA3-384 hash: 2924cc6e13c48dc57c14bee99034a4dd520da8bb8fc262acada0878ec49b2766b24a039bfcd519098c9152986ddce8de
SHA1 hash: fb28e2292f1f3ca5e9ca70764db4b59ce5a731d6
MD5 hash: 3f8a190f0664c9b9d61744ef0af2347d
humanhash: beryllium-echo-leopard-uniform
File name:02ce578a3228602392ebb64dfede1767.exe
Download: download sample
Signature KPOTStealer
Create hunting rule
File size:93'696 bytes
First seen:2020-03-26 15:38:09 UTC
Last seen:2020-03-26 17:53:54 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 1536:mxZOWCjhr1r6HStg4JOTQQz5BMH5W0gLqjicRzmwKK11:GZOWuhr1rpWCOTFMH5W0EqmAP51
Threatray 123 similar samples on MalwareBazaar
TLSH 8E939D13B1A1D031D06E09B0768BAB654EBFED3011F29897F7594486BA601F6FF36683
Reporter abuse_ch
Tags:exe GuLoader KPOTStealer


Avatar
abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1drmlao5iIfPa7t2TZ0jWt4mQ9QtPXG3-

Intelligence

File Origin
# of uploads :
2
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Razy.539718.3360.22524.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Zbot
Create hunting rule
Status:
Malicious
First seen:
2020-03-26 16:36:56 UTC
File Type:
PE (Exe)
AV detection:
27 of 31 (87.10%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tvpbwbtwakrb2q2mpxru6iqnzad3s4oaecfa5u6wzfzetpzkjunq._file
Verdict:
malicious
Similar samples:
396372108ec44e73e42fed3e3012b1604aeaa0d33b83d3b0634b2929f5d81f3f
KPOTStealer
4803cd9f78d255530bb277add77ba85e09d625edc94750fcced09f3ed438b5f7
KPOTStealer
5c197a3050357890623e49dff313b1189d61c7902cb97145bcdb9bb6433d7e67
KPOTStealer
68f2a110051b7b0567023993940a355ffa07dfb1c5810ce8648e042f69ca3816
KPOTStealer
80cf08d2dc19a68aec5ee4eb60f728380f16eb2b434125327e58a9bb0354f83a
KPOTStealer
a5d9ec13651c51cba4591a97feecc25624d8a081cd5380187469391d321d544d
KPOTStealer
cafbb8091846d36e826b669f8480fd33955afaa03afd5cf16d37f8a413dd6850
KPOTStealer
e1c2513c906bb4f53b2ea2ec8fc675000e5a49daa84c35a2963c63148187a25e
KPOTStealer
f277ca7af289d994cd4ed2a5f9e2b662c97709bf0b17ab5ca7081bdd171b8326
KPOTStealer
f9c6f13bb1cb6d43ad7c53db28448ea88962a71e981910cbf0586f9340a1b09a
KPOTStealer
+ 113 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

dcae0ee9a0400097d7141e07771865954d33d3500949e46680fd61216a87be79

KPOTStealer

Executable exe 9d5e1b067602a21d434c7de34f220dc807b971c0208a0ed3d6c97249bf2a4d1b

(this sample)

  
Dropped by
MD5 02ce578a3228602392ebb64dfede1767
  
Dropped by
MD5 88456900ff3660a369d835091ae5100f
  
Dropped by
GuLoader
  
Dropped by
SHA256 dcae0ee9a0400097d7141e07771865954d33d3500949e46680fd61216a87be79
  
Dropped by
SHA256 5983074059d70143ae894c1409ff756c2ea54924b83d73ff0bea8b67171092ec
  
URLhaus
https://urlhaus.abuse.ch/url/328644/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments