General

  • Target

    dc02167cff131c6e6c0a2801f1eb3b0c.exe

  • Size

    399KB

  • Sample

    200707-nzlfzyt29x

  • MD5

    dc02167cff131c6e6c0a2801f1eb3b0c

  • SHA1

    20d395af135774018632b34dd6987ebfe43db43d

  • SHA256

    dc68a0a13aa0a1bf5394dd04e59ef2916f0b31a964730a17b0ff4afeac5888dc

  • SHA512

    438864813274ec6a5a9350391994de17512d957eccd4ffb4d7113e15e69e3c5171d94eb90c0081ac05c1a616ffe53999fd5bc46dda242847b4dcd7eaa1837362

Malware Config

Targets

    • Target

      dc02167cff131c6e6c0a2801f1eb3b0c.exe

    • Size

      399KB

    • MD5

      dc02167cff131c6e6c0a2801f1eb3b0c

    • SHA1

      20d395af135774018632b34dd6987ebfe43db43d

    • SHA256

      dc68a0a13aa0a1bf5394dd04e59ef2916f0b31a964730a17b0ff4afeac5888dc

    • SHA512

      438864813274ec6a5a9350391994de17512d957eccd4ffb4d7113e15e69e3c5171d94eb90c0081ac05c1a616ffe53999fd5bc46dda242847b4dcd7eaa1837362

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Program crash

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

4
T1012

System Information Discovery

4
T1082

Remote System Discovery

1
T1018

Collection

Data from Local System

2
T1005

Command and Control

Web Service

1
T1102

Tasks