
New KPOT V2.0 Stealer Brings Zero Persistence and In-Memory Features to Silently Steal Credentials


Overview

KPOT Stealer is a "stealer" malware that focuses on exfiltrating account information and other data from web browsers, instant messengers, email, VPN, RDP, FTP, cryptocurrency, and gaming software.

Figure 1: Exploit kit campaigns distributing KPOT Stealer, November 2018 to May 2019

Recently, actors began delivering a newer version of the malware; this post analyzes one of those campaigns along with the malware itself.

]131/a6Y5Qy3cF1sOmOKQ/gate.php
XOR key: Adx1zBXByhrzmq1e

Malware Analysis

KPOT Stealer is a "stealer" malware written in C/C++ that focuses on stealing account information and other data from various software applications and services.

Figure 5: Old KPOT C&C panel login

A screenshot of the C&C panel login for the newer version analyzed in this post is available in Figure 6.
