Overview

overview

10

Static

static

7

kolebot/da...er.exe

windows7-x64

7

kolebot/da...er.exe

windows10-2004-x64

10

kolebot/da...le.dll

windows7-x64

7

kolebot/da...le.dll

windows10-2004-x64

10

kolebot/dat/psapi.dll

windows7-x64

1

kolebot/dat/psapi.dll

windows10-2004-x64

10

kolebot/kole.exe

windows7-x64

7

kolebot/kole.exe

windows10-2004-x64

10

kolebot/we...ea.url

windows7-x64

6

kolebot/we...ea.url

windows10-2004-x64

10

kolebot/we...ot.url

windows7-x64

6

kolebot/we...ot.url

windows10-2004-x64

10

kolebot/we...le.url

windows7-x64

6

kolebot/we...le.url

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 17:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    kolebot/dat/klauncher.exe

  • Size

    1.6MB

  • MD5

    b22a892d0263a979acdea8c9f5b40e12

  • SHA1

    d6a1ae21312e8cc553833639883a20f35adc9a8b

  • SHA256

    8c5d7ad2e14b5312feab8d4d15132cc1c53af846ea4ac3f056b097b3639ca423

  • SHA512

    b16b7b21ed44d85fc22effb922bf134abcb4a0726df42a1ed4564baaee6d1c313eacc205aaefe8b45b9931f5ce8ba7778c47743d579a4ca155915ac023fde1d4

  • SSDEEP

    24576:/fh/27bHUIh7BsOcZw/ORVL93HQ9NgxcoQxKv16Bfa2TqBwOl0:Re7gINsOAn3wDg6BfvTJ

Score
10/10
kinsingevasionloaderthemida

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

    loaderkinsing
  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Themida packer 2 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Program crash 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\kolebot\dat\klauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\kolebot\dat\klauncher.exe"
    1⤵
    • Identifies Wine through registry keys
    PID:3544
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 540
      2⤵
      • Program crash
      PID:5096
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 588
      2⤵
      • Program crash
      PID:1724
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3544 -ip 3544
    1⤵
      PID:3452
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3544 -ip 3544
      1⤵
        PID:3620

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3544-0-0x0000000000400000-0x000000000059C000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3544-1-0x0000000000400000-0x000000000059C000-memory.dmp

        Filesize

        1.6MB

        Download