Overview

overview

10

Static

static

7

kolebot/da...er.exe

windows7-x64

7

kolebot/da...er.exe

windows10-2004-x64

10

kolebot/da...le.dll

windows7-x64

7

kolebot/da...le.dll

windows10-2004-x64

10

kolebot/dat/psapi.dll

windows7-x64

1

kolebot/dat/psapi.dll

windows10-2004-x64

10

kolebot/kole.exe

windows7-x64

7

kolebot/kole.exe

windows10-2004-x64

10

kolebot/we...ea.url

windows7-x64

6

kolebot/we...ea.url

windows10-2004-x64

10

kolebot/we...ot.url

windows7-x64

6

kolebot/we...ot.url

windows10-2004-x64

10

kolebot/we...le.url

windows7-x64

6

kolebot/we...le.url

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7517746242ec69fa815dc164b20556cb

  • Size

    3.1MB

  • Sample

    240125-v1h1bsbfc6

  • MD5

    7517746242ec69fa815dc164b20556cb

  • SHA1

    b97cb4d07d2f128777580885b50dc182f7159c10

  • SHA256

    426fec334451663204948caea397a56aed58dec43de28c6a4fdaed7f6ce433fe

  • SHA512

    53f9cedbc4d8d622fcb19989dbcbb8764cab9316cb88109eef167e5a2f0b49df89428bfa8d06cbe74b88e9ff77e690c7ec7af6174a72f644522691f9f587cf0b

  • SSDEEP

    98304:C4tAuAZ23L0nlVcs5ttTIZXp4T4MD2SA89kUo5rCFpYM:CUAZ8YnssHWX6AckhMYM

Score
10/10
kinsingevasionloaderthemidatrojan

Malware Config

Targets

    • Target

      kolebot/dat/klauncher.dat

    • Size

      1.6MB

    • MD5

      b22a892d0263a979acdea8c9f5b40e12

    • SHA1

      d6a1ae21312e8cc553833639883a20f35adc9a8b

    • SHA256

      8c5d7ad2e14b5312feab8d4d15132cc1c53af846ea4ac3f056b097b3639ca423

    • SHA512

      b16b7b21ed44d85fc22effb922bf134abcb4a0726df42a1ed4564baaee6d1c313eacc205aaefe8b45b9931f5ce8ba7778c47743d579a4ca155915ac023fde1d4

    • SSDEEP

      24576:/fh/27bHUIh7BsOcZw/ORVL93HQ9NgxcoQxKv16Bfa2TqBwOl0:Re7gINsOAn3wDg6BfvTJ

    Score
    10/10
    evasionthemidakinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      kolebot/dat/kmodule.dat

    • Size

      3.0MB

    • MD5

      7b58eeed2148d3a19110e7cac5c01237

    • SHA1

      c314a9b08dd04cb370d756941e48ad2ebb9ade6d

    • SHA256

      8b991944797c991a8e6362275abb6008cee8e1f014c5edc6627aa230ea8d5f8d

    • SHA512

      472062d6ab0e7ff4f8870620b376eac0e29c9f4accd81ad8f5c74e8625283984df3eb99d52d07f6cc18f6790e76204cedea710dcd11730d54d70cff90e26db78

    • SSDEEP

      98304:YgE2MvZYs03233IZ7pGS5NWrFvgGebQxHteiL9K/tXcm434ZTJ2aA1GzdfwWizwe:YgnMvZYs0Ps

    Score
    10/10
    evasionthemidakinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

    • Target

      kolebot/dat/psapi.dll

    • Size

      22KB

    • MD5

      c24d2a8da25295117dc31d423a146fa5

    • SHA1

      fa6dcb66cb9601bf78aef140dcd00b8bde779bec

    • SHA256

      04e53276c1ecdf0017eef86d8281db6b899dcc58318da3452dec6aeb793b9d7f

    • SHA512

      27ba97532c7293e3eaf07e8ae482b79072ddc5456de8fb1a1baa7e023295cb0e99ce5d6cd0b9a657555c85eb089c90d96a8eb1b7e46a895aa1d94086ad434d26

    • SSDEEP

      384:rnIgBApSLPuSO6lDA85aZsaA6hfMl0f1DSneOV+o4CXqR7yAuyOosmMLoWZjPAWZ:8gOSROSOZ9Mef1CDSRu3vP4

    Score
    10/10
    kinsingloader
    behavioral5behavioral6

    • Target

      kolebot/kole.exe

    • Size

      685KB

    • MD5

      2d61c397d1105adfa9f24d6f2ed009c6

    • SHA1

      955348a31c60572f8c31ff4cf056af71e3839073

    • SHA256

      4d9b6f7cb5e033213affe7e043472e2b8394dbbef07a974396fae31b1211a171

    • SHA512

      466789f02850a611d23eaeb4c0fe6d3ff007e77b6997f22c3119140b7595bb15e1bdd883d6d9dd6d545d7f096173e4ca472e2c053c0f47c2a4b67a6a1c20c2bf

    • SSDEEP

      12288:vzf39vubuTqaEZZpZGNZyXPZXCHEJvx2pqrq6GQ16ZSv/a0rT888888888888W8n:vT39vu6TmbZeZM1CMmoz64HKnBg

    Score
    10/10
    evasionthemidakinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral7behavioral8

    • Target

      kolebot/website/GameCrea.url

    • Size

      123B

    • MD5

      5ecf0d60f61bdc342b3364a0343bdf9e

    • SHA1

      81e3d0759ba45684979fe651af13bd27c3821105

    • SHA256

      96f98a15195898d95ff46ebd9cfa350f27c5002d7f128e2dc89d21289a183b06

    • SHA512

      d90a63ec245eb4a8ed5db93467160be3a2dbe4f073606934c036567ebc677d1f16e49397d23a6b0cd463e29b52de454ed267818d16c919cb974f28e4b26be930

    Score
    10/10
    kinsingloaderevasiontrojan
    behavioral10behavioral9

    • Target

      kolebot/website/Kolebot.url

    • Size

      122B

    • MD5

      9e5ae6d61f4580eeb1ff706dea9c981d

    • SHA1

      a2246358d309971f65c2a92ceaf649959d5e1668

    • SHA256

      770a6f046fab3b2195214e551a4f3f010684f2c74080a43fb253b2cbf1e59679

    • SHA512

      dcf7cd1ff3a9b565bd6d05dbd00cc34446cf31120556b24f1d6cf543658f44f4312d35398591e8d0f464e7fc898eacdc589ba525f79040ca65551489d804a565

    Score
    10/10
    evasiontrojankinsingloader
    behavioral11behavioral12

    • Target

      kolebot/website/OnlineHile.url

    • Size

      125B

    • MD5

      48ce7b7619f1c60877062ecff59ca963

    • SHA1

      ecd1e7558a4eb86b8e76582f4c9122fe150b8e53

    • SHA256

      165b8e1402c3e526d6956c44faf9b49596faf12c1530b93d373e66cf763648cc

    • SHA512

      6d213b545594dc157a74fe795c203f3ba891de72cac2aa6715a1c6a2365b6f8f4093b844f55001a3197b7e21d5a28bde4ce87f168c85e78e5e23ce5f37bfd32f

    Score
    10/10
    evasiontrojankinsingloader
    behavioral13behavioral14

MITRE ATT&CK Enterprise v15

Tasks