MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b3ded80c7b59052aef7e34aa7e3807c2afef634b11bd884377bed9682a4b9f9d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: KPOTStealer
Vendor detections: 4

SHA256 hash: b3ded80c7b59052aef7e34aa7e3807c2afef634b11bd884377bed9682a4b9f9d
SHA3-384 hash: 77b3e6137a21286100c177a4f083d34ce78d77be442e5d564e78f2080227df7af6a4eba548a01dc7db8f2a2d003493df
SHA1 hash: 0cfca4f7a7e5eef91114c0761c36da9f79008882
MD5 hash: 1d5021279a8c4ad4eb9f940b0f952ad9
humanhash: purple-mirror-avocado-bulldog
File name: Letter of demand Overdue Invoice.pdf.exe
Signature: KPOTStealer
File size: 190'464 bytes
First seen: 2020-06-02 10:16:57 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 011bd7fe935be769d1a6051ae62668e8 (1 x KPOTStealer)
ssdeep: 3072:u52YO7bxvcQ+dD+XKcMLhJUjA8kgJEBqM3POG6RgiYr1U:ugT7bxF+dDExMLhoDhlHG5r
Threatray: 55 similar samples on MalwareBazaar
TLSH: 9E14BF12F7E1F075C81A593098E4CAAC7ABEBCD59AA502DB1348373F6D717C0562839D
Reporter: abuse_ch
Tags: exe KPOTStealer


abuse_ch
Malspam distributing KPOTStealer:

HELO: host.sasasovic.com
Sending IP: 199.217.117.135
From: admin@debtsource.co.za
Subject: Letter of demand (Overdue Invoice): Urgent response recommended
Attachment: Letter of demand Overdue Invoice.pdf.gz (contains "Letter of demand Overdue Invoice.pdf.exe")

KPOTStealer C2:
http://privatesurb.cn/MXeDKTGhMhMYUisz/login.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-02 07:28:01 UTC
AV detection: 24 of 48 (50.00%)
Threat level: 2/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour:
Runs ping.exe
Suspicious use of WriteProcessMemory
Deletes itself

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method | Malware family | File type | SHA256 hash
Malspam | KPOTStealer | Executable exe | b3ded80c7b59052aef7e34aa7e3807c2afef634b11bd884377bed9682a4b9f9d (this sample)

Delivery method: Distributed via e-mail attachment