MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e1c2513c906bb4f53b2ea2ec8fc675000e5a49daa84c35a2963c63148187a25e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

KPOTStealer

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	e1c2513c906bb4f53b2ea2ec8fc675000e5a49daa84c35a2963c63148187a25e
SHA3-384 hash:	dfbd7656afe3e17a3a1407734693660d4ee9a0d058107fda503486b8d3aa4477c7966469e70359b755930863fcbc5172
SHA1 hash:	6f207cf41a5733013a7184e5c75ebb98ba4fde37
MD5 hash:	9af3c840b969a99d911fa6c2c18dee14
humanhash:	white-island-purple-coffee
File name:	kpo.exe
Download:	download sample
Signature	KPOTStealer Create hunting rule
File size:	1'716'832 bytes
First seen:	2020-04-23 18:40:04 UTC
Last seen:	2020-04-23 19:45:29 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep	3072:umF+CQEG1lCSKPXlJBv9cBp85pgbQjqvQYHWkAjkSpqxwEhd3tz87ZZlN:Vi1lMypucvQjkVSpqxwEaF
Threatray	1'234 similar samples on MalwareBazaar
TLSH	198597DC7B2FED63D03DA1330032A09CA648EDB5D6EECE2EAAD5107D65161407C9672B
Reporter	James_inthe_box
Tags:	exe KPOTStealer

Intelligence

File Origin

# of uploads :

# of downloads :

101

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Variant.Razy.626167.15643.17576.UNOFFICIAL

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-04-23 16:26:35 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

27 of 31 (87.10%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=4hbfcpeqno2pkozoulwi7rtvaahfuso2vbgdliuwhrrrjamhujpa._file

Verdict:

malicious

KPOTStealer

3fd4aa339bdfee23684ff495d884aa842165e61af85fd09411abfd64b9780146

KPOTStealer

4803cd9f78d255530bb277add77ba85e09d625edc94750fcced09f3ed438b5f7

KPOTStealer

5c197a3050357890623e49dff313b1189d61c7902cb97145bcdb9bb6433d7e67

KPOTStealer

80cf08d2dc19a68aec5ee4eb60f728380f16eb2b434125327e58a9bb0354f83a

KPOTStealer

9d5e1b067602a21d434c7de34f220dc807b971c0208a0ed3d6c97249bf2a4d1b

KPOTStealer

a5d9ec13651c51cba4591a97feecc25624d8a081cd5380187469391d321d544d

KPOTStealer

cafbb8091846d36e826b669f8480fd33955afaa03afd5cf16d37f8a413dd6850

KPOTStealer

f277ca7af289d994cd4ed2a5f9e2b662c97709bf0b17ab5ca7081bdd171b8326

KPOTStealer

f9c6f13bb1cb6d43ad7c53db28448ea88962a71e981910cbf0586f9340a1b09a

KPOTStealer

+ 1'224 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

URLhaus

https://urlhaus.abuse.ch/url/350571/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample