General

  • Target

    Koh-main.zip

  • Size

    143KB

  • MD5

    3f8dcb82d32f3b0c4449b47a99dcfd03

  • SHA1

    084056aa1f0ee98d39bf8687bf0bd0e161731b09

  • SHA256

    d2fdc4144c99db7bb217a443166c1c23ea6dc82dba48e6859bd5997e86631cbe

  • SHA512

    f17c08cf7cbb6b06ab2b748dd13a8743cd0bb681a093de2cba6b0db11f42b23864434b4f13dedf3065370285e4fb262a14a3467d97b43dbb658d8e2e57b518f4

  • SSDEEP

    3072:FoE3BRhKWkT8iiHkbIs/rv3AZYHWcMAxHD6vOSM9u0e:FDBLKWkhnbIs/7AqHWmOvBMMR

Score
3/10

Malware Config

Signatures

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • Koh-main.zip
    .zip

    Password: infected

  • Koh-main/.gitignore
  • Koh-main/CHANGELOG.md
  • Koh-main/Clients/BOF/KohClient.c
  • Koh-main/Clients/BOF/KohClient.cna
  • Koh-main/Clients/BOF/KohClient.h
  • Koh-main/Clients/BOF/beacon.h
  • Koh-main/Clients/BOF/build.sh
    .sh linux
  • Koh-main/Koh.sln
  • Koh-main/Koh.yar
  • Koh-main/Koh/Capture.cs
    .js
  • Koh-main/Koh/Creds.cs
    .js
  • Koh-main/Koh/Find.cs
    .js
  • Koh-main/Koh/Helpers.cs
    .js
  • Koh-main/Koh/Interop.cs
  • Koh-main/Koh/Koh.csproj
  • Koh-main/Koh/LUID.cs
  • Koh-main/Koh/Pipe.cs
    .js
  • Koh-main/Koh/Program.cs
    .js
  • Koh-main/Koh/Properties/AssemblyInfo.cs
  • Koh-main/Koh/SecBuffer.cs
    .js
  • Koh-main/Koh/SecBufferDesc.cs
    .js
  • Koh-main/Koh/app.config
    .xml
  • Koh-main/LICENSE
  • Koh-main/Misc/Donut.license
  • Koh-main/Misc/donut.exe
    .exe windows x64

    Password: infected

    4970aa163a1343dca70c14d7acb4eef5



  • Koh-main/README.md