kpot | 53e1f72ca9dbdfe05ec0baca1f5b5bad453549d7a38845eb14013de9b05f2135 | Triage

Submit
Reports

Overview

overview

Static

static

1

7a53429710...18.exe

windows7-x64

7a53429710...18.exe

windows10-2004-x64

Sharing

General

Target

7a53429710e5d456bd79c147316c1bbb_JaffaCakes118
Size

406KB
Sample

240527-ymmyxaga5x
MD5

7a53429710e5d456bd79c147316c1bbb
SHA1

4d46fc427c0c5aa412e13b96dd6be72044ceb18d
SHA256

53e1f72ca9dbdfe05ec0baca1f5b5bad453549d7a38845eb14013de9b05f2135
SHA512

2673325f08ff43f0a6afcdac341f7fe944927153c09efb14e16dd53974cabba283ca41c03a5c40bc5e0d5d5537d7757284ef7dce70383881deb6c0d2efaa769a
SSDEEP

6144:Bdq3IOyQfp+IC0TbC4oWlJBAMZTZwHrmmLWcBagudQOzmGTpozs7:BTQ8sbXLJBAMxCLmmLWcBax6qmGv

Score

10^/10

kpot rezer0 stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

7a53429710e5d456bd79c147316c1bbb_JaffaCakes118.exe

Resource

win7-20240221-en

kpot rezer0 stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

7a53429710e5d456bd79c147316c1bbb_JaffaCakes118.exe

Resource

win10v2004-20240508-en

kpot rezer0 stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  7a53429710e5d456bd79c147316c1bbb_JaffaCakes118
- Size
  
  406KB
- MD5
  
  7a53429710e5d456bd79c147316c1bbb
- SHA1
  
  4d46fc427c0c5aa412e13b96dd6be72044ceb18d
- SHA256
  
  53e1f72ca9dbdfe05ec0baca1f5b5bad453549d7a38845eb14013de9b05f2135
- SHA512
  
  2673325f08ff43f0a6afcdac341f7fe944927153c09efb14e16dd53974cabba283ca41c03a5c40bc5e0d5d5537d7757284ef7dce70383881deb6c0d2efaa769a
- SSDEEP
  
  6144:Bdq3IOyQfp+IC0TbC4oWlJBAMZTZwHrmmLWcBagudQOzmGTpozs7:BTQ8sbXLJBAMxCLmmLWcBax6qmGv
Score

10^/10

kpot rezer0 stealer trojan
- KPOT
  KPOT is an information stealer that steals user data and account credentials.
  trojan stealer kpot
- KPOT Core Executable
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

kpotrezer0stealertrojan

behavioral2

kpotrezer0stealertrojan

© 2018-2025

Terms | Privacy