Kpot InfoStealer is an information-stealing trojan sold in underground markets. It silently collects sensitive information and passwords from web browsers, mail clients, FTP clients, cryptocurrency wallets, and other applications on the compromised system. Kpot InfoStealer connects to a Command & Control (C&C) server and, depending on the configuration it receives from that server, may carry out further commands to perform malicious activities on the victim's computer.
This post serves to inform our customers about detection and protection capabilities within the VMware Carbon Black suite of products against Kpot InfoStealer.
The following screenshot shows the VMware Carbon Black Cloud Enterprise EDR (CB ThreatHunter) process chart for a Kpot InfoStealer execution.
In addition, VMware Carbon Black Cloud Endpoint Standard (CB Defense) will display the malware’s overall triggered TTPs.
TID | Tactics | Technique |
---|---|---|
T1143 | Defense Evasion | Hidden Window |
T1049 | Discovery | System Network Connections Discovery |
T1016 | Discovery | System Network Configuration Discovery |
T1135 | Discovery | Network Share Discovery |
T1497 | Defense Evasion, Discovery | Virtualization/Sandbox Evasion |
T1124 | Discovery | System Time Discovery |
T1070 | Defense Evasion | Indicator Removal on Host |
T1107 | Defense Evasion | File Deletion |
Indicator | Type | Context |
---|---|---|
a08db3b44c713a96fe07e0bfc440ca9cf2e3d152a5d13a70d6102c15004c4240 | SHA256 | Kpot InfoStealer |
99785ae0679d6d3e27de83af403c23b0 | MD5 | Kpot InfoStealer |