kpot | dc68a0a13aa0a1bf5394dd04e59ef2916f0b31a964730a17b0ff4afeac5888dc | Triage

Submit
Reports

Overview

overview

Static

static

dc02167cff...0c.exe

windows7_x64

dc02167cff...0c.exe

windows10_x64

Sharing

General

Target

dc02167cff131c6e6c0a2801f1eb3b0c.exe
Size

399KB
Sample

200707-nzlfzyt29x
MD5

dc02167cff131c6e6c0a2801f1eb3b0c
SHA1

20d395af135774018632b34dd6987ebfe43db43d
SHA256

dc68a0a13aa0a1bf5394dd04e59ef2916f0b31a964730a17b0ff4afeac5888dc
SHA512

438864813274ec6a5a9350391994de17512d957eccd4ffb4d7113e15e69e3c5171d94eb90c0081ac05c1a616ffe53999fd5bc46dda242847b4dcd7eaa1837362

Score

10^/10

kpot discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

dc02167cff131c6e6c0a2801f1eb3b0c.exe

Resource

win7

kpot discovery spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

dc02167cff131c6e6c0a2801f1eb3b0c.exe

Resource

win10

kpot discovery spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  dc02167cff131c6e6c0a2801f1eb3b0c.exe
- Size
  
  399KB
- MD5
  
  dc02167cff131c6e6c0a2801f1eb3b0c
- SHA1
  
  20d395af135774018632b34dd6987ebfe43db43d
- SHA256
  
  dc68a0a13aa0a1bf5394dd04e59ef2916f0b31a964730a17b0ff4afeac5888dc
- SHA512
  
  438864813274ec6a5a9350391994de17512d957eccd4ffb4d7113e15e69e3c5171d94eb90c0081ac05c1a616ffe53999fd5bc46dda242847b4dcd7eaa1837362
Score

10^/10

kpot discovery spyware stealer trojan
- KPOT
  KPOT is an information stealer that steals user data and account credentials.
  trojan stealer kpot
- KPOT Core Executable
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Program crash
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

kpotdiscoveryspywarestealertrojan

behavioral2

kpotdiscoveryspywarestealertrojan

© 2018-2024

Terms | Privacy