MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ccbe3d3c56f67ca2eae06209050bfb086fdbc579d8511585533e841e4d9b5dfe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


KPOTStealer


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ccbe3d3c56f67ca2eae06209050bfb086fdbc579d8511585533e841e4d9b5dfe
SHA3-384 hash: 7f44af42fed07c79171d1aafca5b29d04b45e0d48b7e0c29296fb4339e65b8558dfa38199dd2d6dfa3db77b8acfe21ce
SHA1 hash: 1c0baeb116eb09fd08050dc5bf929256897b8cf6
MD5 hash: cc7a80daf5af88ee2b9c305bfcbf70f4
humanhash: august-nineteen-bakerloo-mango
File name:New COVID-19 Dealership Safety rules From Government.pdf.exe
Download: download sample
Signature KPOTStealer
Create hunting rule
File size:214'528 bytes
First seen:2020-06-03 11:28:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b519d8ef12a67d8dfeabce87bf2bd8df (1 x KPOTStealer)
ssdeep 3072:XdOMJF8bQd5Z9CkekMZSOCeCE6W0ibGNVH87VVQmhZaS9BXU:XdOMJF8bWCpkwCpEJ9bEOnDDaS9
Threatray 59 similar samples on MalwareBazaar
TLSH 3724DF163680DC72C4A50273B8B1CBF56A69AC566765029F37E83FAF2E3C3D11A61743
Reporter abuse_ch
Tags:COVID-19 exe geo KPOTStealer ZAF


Avatar
abuse_ch
Malspam distributing KPOTStealer:

HELO: host.sasasovic.com
Sending IP: 199.217.117.135
From: public@rmi.org.za
Subject: New COVID-19 Dealership Safety rules From Government
Attachment: New COVID-19 Dealership Safety rules From Government.pdf.gz (contains "New COVID-19 Dealership Safety rules From Government.pdf.exe")

KPOTStealer C2:
http://freelacerinc.ru/ZIfNQs9F0vOGQtOS/util.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Malware.PDB-11.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Grp
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 11:38:01 UTC
File Type:
PE (Exe)
Extracted files:
34
AV detection:
26 of 48 (54.17%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zs7d2pcw6z6kf2xamieqkc73bbx5xrlz3birlbkth2cb4tm3lx7a._file
Verdict:
malicious
Similar samples:
0b7b7e73fba7b8967e403df8b6ccc237c0185093e05ce7c3044457accb6ad335
KPOTStealer
2026e97bd58d8848dbd55664417790d5ee804bc2fe86ad054cb6a304d2d39a6b
KPOTStealer
471325daa2bc75f50856e93e9de088386556fc3ead653894d5c2a67f2a8b4975
KPOTStealer
4b3bed149062abeddef6fe68cbb439f5ae3d3044a4870a125f83dfd37c34ca6c
KPOTStealer
8598147a91005830b94021bf5bf401e1b10d55ff940244394e8fb3bb8f494539
KPOTStealer
a5d9ffc80b57f0144f4fc99b8ee1061247372134f80b25f8bcbfabfa058e5e53
KPOTStealer
b3ded80c7b59052aef7e34aa7e3807c2afef634b11bd884377bed9682a4b9f9d
KPOTStealer
d720af33d2bfd971d3b8e281c5f1b463389f9923eff1efa81351fd0e1a413e94
KPOTStealer
dc68a0a13aa0a1bf5394dd04e59ef2916f0b31a964730a17b0ff4afeac5888dc
KPOTStealer
ecb89e9f66cd7f37efefec4cb211770200ccb17c810ad741cb3ec141e41c361c
KPOTStealer
+ 49 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-4r8becpxc2/
Behaviour
Runs ping.exe
Suspicious use of WriteProcessMemory
Deletes itself
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

KPOTStealer

gz 6c924fac27782f8fe06953db60d0b7c4210f34e2156631aacc554877a3ee74e6

KPOTStealer

Executable exe ccbe3d3c56f67ca2eae06209050bfb086fdbc579d8511585533e841e4d9b5dfe

(this sample)

  
Dropped by
MD5 4301104560380062b61f344050e8041f
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 6c924fac27782f8fe06953db60d0b7c4210f34e2156631aacc554877a3ee74e6

Comments