kpot | b314b729c67fb92c264618c1741443b6201b349932041372ce0205969b6c46d9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

2025-01-13...ia.exe

windows7-x64

2025-01-13...ia.exe

windows10-2004-x64

Sharing

General

Target

2025-01-13_69fff9988e7b9bedbf97c7fe86aaedb3_mafia
Size

255KB
Sample

250113-ymcg6swkdy
MD5

69fff9988e7b9bedbf97c7fe86aaedb3
SHA1

2e04fc1efcfd2ac785b135b104fb28f976c49f90
SHA256

b314b729c67fb92c264618c1741443b6201b349932041372ce0205969b6c46d9
SHA512

f76300d766fe00723c3212db77e64307abcf508b51da33c1c3b1a6c092544da40fc768730b6554808f40e052714c8f6994919de0edb981e48b856d2f9ef45f09
SSDEEP

6144:WIq711Oow5xWvat2GcbFjB4QxcEvdrk82bLlM4mcd6:WIqn7w5xWV1dWQOEdrk8sL+4mcd6

Score

10^/10

kpot discovery stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-01-13_69fff9988e7b9bedbf97c7fe86aaedb3_mafia.exe

Resource

win7-20240903-en

kpot discovery stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-01-13_69fff9988e7b9bedbf97c7fe86aaedb3_mafia.exe

Resource

win10v2004-20241007-en

kpot discovery stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-01-13_69fff9988e7b9bedbf97c7fe86aaedb3_mafia
- Size
  
  255KB
- MD5
  
  69fff9988e7b9bedbf97c7fe86aaedb3
- SHA1
  
  2e04fc1efcfd2ac785b135b104fb28f976c49f90
- SHA256
  
  b314b729c67fb92c264618c1741443b6201b349932041372ce0205969b6c46d9
- SHA512
  
  f76300d766fe00723c3212db77e64307abcf508b51da33c1c3b1a6c092544da40fc768730b6554808f40e052714c8f6994919de0edb981e48b856d2f9ef45f09
- SSDEEP
  
  6144:WIq711Oow5xWvat2GcbFjB4QxcEvdrk82bLlM4mcd6:WIqn7w5xWV1dWQOEdrk8sL+4mcd6
Score

10^/10

kpot discovery stealer trojan
- KPOT
  KPOT is an information stealer that steals user data and account credentials.
  trojan stealer kpot
- KPOT Core Executable
- Kpot family
  kpot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

kpotdiscoverystealertrojan

behavioral2

kpotdiscoverystealertrojan

© 2018-2025

Terms | Privacy