kpot

Sharing

Copy URL

Twitter E-mail

General

Target

19b15bd216a75333053517cd4e4afe3d_JaffaCakes118
Size

261KB
Sample

240728-v1626ayene
MD5

19b15bd216a75333053517cd4e4afe3d
SHA1

970370ad007d721d7290019df0bb36392e604a00
SHA256

03544cc512306862b88bbf0c5f3a573bdb023f061302e90d24ebfeed93334d01
SHA512

42b416109cbb305f3bcaede9a997e9b20ec7475726a6f5794d8df56f6a4caa659e18b78c684c81c7bb269555da03e013fbfdebe4b7b5d9460b6546659e6766fd
SSDEEP

6144:SR+xXJuUnOgw0HzrnEle1exXN4I+j3c1Ao5JXXJJ2HMU51xdt:GW3RXoek9j8eV3JgMm

Score

10^/10

Malware Config

Targets

- Target
  
  19b15bd216a75333053517cd4e4afe3d_JaffaCakes118
- Size
  
  261KB
- MD5
  
  19b15bd216a75333053517cd4e4afe3d
- SHA1
  
  970370ad007d721d7290019df0bb36392e604a00
- SHA256
  
  03544cc512306862b88bbf0c5f3a573bdb023f061302e90d24ebfeed93334d01
- SHA512
  
  42b416109cbb305f3bcaede9a997e9b20ec7475726a6f5794d8df56f6a4caa659e18b78c684c81c7bb269555da03e013fbfdebe4b7b5d9460b6546659e6766fd
- SSDEEP
  
  6144:SR+xXJuUnOgw0HzrnEle1exXN4I+j3c1Ao5JXXJJ2HMU51xdt:GW3RXoek9j8eV3JgMm
Score

10^/10

kpot discovery stealer trojan
- KPOT
  KPOT is an information stealer that steals user data and account credentials.
  trojan stealer kpot
- KPOT Core Executable
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $APPDATA/channelName/missingtrackvolume/struct/MFC80KOR.dll
- Size
  
  48KB
- MD5
  
  bf8c7fb08e1c470a573aac9b1b711e1c
- SHA1
  
  ff5e3ca6f9a8cc2d5cb14b1aaf6a361842742eba
- SHA256
  
  11107a404eb329f14193cc33df3e29fd19680e223019bc66601b3cd910f1315d
- SHA512
  
  9d04a69b73c398883def5b3b422652b67083f91c0f74578182c14c19152bcc2a7b7e0d1337735cf813cf6c8e1be33217d1a568dc0b094066f2c6aa09e7ca87b4
- SSDEEP
  
  384:fDNSnxGF5/tAGqyV0/Nv/WfWR7Ku/KV0YfmtT2XYm66tHggFK417RTNbU/Ltl3tL:fZSEF7AGD0NvxhriHqN
Score

1^/10
behavioral3 behavioral4
- Target
  
  $APPDATA/channelName/missingtrackvolume/struct/SystemDeploymentFrameworkService.exe
- Size
  
  4KB
- MD5
  
  fda71eb648ed47182dce06b21e09bcb0
- SHA1
  
  6daabb116cc36a9eb80a6417d44e7635d6aed3cb
- SHA256
  
  9c2cc53a65f35677c02be1fe44fab59eccc442192bf82204896bf7622c0fd508
- SHA512
  
  b4177dc40c8a4c1a58580979e7ad5450f7a76b55e4a52e3c6ed42420f6ee5e83bf31eee50d0d8a805352d9db98dca647fc90308f40858c71f094625d71387d06
- SSDEEP
  
  96:8V3oL2N8k+2xvpjrLDtbqDL0KEWfoNmX16W/:3L2ikdxBjWfoNmX16W/
Score

1^/10
behavioral5 behavioral6
- Target
  
  $APPDATA/position/advanced/children/savemode/event-utils.js
- Size
  
  3KB
- MD5
  
  1e4ac3f9ea0c61b9815675a38f75e71d
- SHA1
  
  a4bcc3d156a3d7d19c021e597be8131801abfc06
- SHA256
  
  3d83dd596cce4be1ee877d5afeac15bac9016a7a9dce0355854ea0af082491c2
- SHA512
  
  59db3f316a0a6514715ef103311ced9505cfdfebd7cee2a0005bd90a25806a10fe8a6aa515f418a2c214f8146444f282dd756c02c09b9b1004c95d1be82ff9cd
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  $TEMP/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $TEMP/hedgerows.dll
- Size
  
  22KB
- MD5
  
  2ae5d410948624b091bffee8fe572969
- SHA1
  
  959e5dceaa00d60feab658160a56922a2078c36f
- SHA256
  
  49d58d394cfd697ea5d855b88cede6d70eb08effafde514d255493b3ec5eb645
- SHA512
  
  ac481da138de38b8ebce01828b25da3dbb009571fdc614e351896375bc169b216974fb62312e76dd6308d53ab278f25497656e35e8ff3928e15ce599c8be5fd3
- SSDEEP
  
  384:EdFm+S8UL8g/QtR4yRYWXU62n9nvBRO+PISAuaW4EjpqB:mFmfpL8ae4UYSU/lvBROVSlm
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $TEMP/pl/rule/inline/NotificationBox.css
- Size
  
  2KB
- MD5
  
  d2d5ad4d7e300d1cdd14731e1667b6a6
- SHA1
  
  3bf08794b079b68efb0f9f0cfbe0347546f61161
- SHA256
  
  da7e82b79e6814d941c7bbc6e1da713a05e4caeb8c20e67afa0a398e925d75d1
- SHA512
  
  29e55f232d9e07595ca409f4beb3b56bd9202897096dbc1a13380394e724bbf4a0a627fcabc80b5a33e5951848987c3aceff8dcec362918cc4a83bff8f62aea7
Score

1^/10
behavioral13 behavioral14
- Target
  
  $TEMP/pl/rule/inline/vjscsvrps.dll
- Size
  
  11KB
- MD5
  
  7217cd683c6cfd0cfbd35dc0d6ecbc7c
- SHA1
  
  e26dc3d907758f90ec18140221ebe7ee98028649
- SHA256
  
  e005228d21dd9494ebdc890a1617aed9633c653ee4d858df5c99967edaad3ad2
- SHA512
  
  862231656b60456005d5c63f9cd9764bfbc73c36074d772761fe68c29673f270694136000d1812741f8bdca909706ae2968ae387b5395058b6e311e3838a42e1
- SSDEEP
  
  192:aWFD1PrY6z4jA7NJ5kqWFyN3X0S6vrktmGq9AerWHfN9HWN9oHL:a4xPzzOA7hkq4GES6W4WH19HWfq
Score

3^/10

discovery
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

KPOT Core Executable

Blocklisted process makes network request

Checks computer location settings

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16