General

  • Target

    [game3rb] KinitoPET.v1.1.0-P2P.zip

  • Size

    652.8MB

  • Sample

    240302-q5efgsec53

  • MD5

    60b858972360f7dca94eb4540da5282c

  • SHA1

    7440eae887d7d80125a4def6a3d84582305148ef

  • SHA256

    1079a613057f32e18e2f94db6e6451bb83eff68771297aeb8bc11919085c52a0

  • SHA512

    5fcb276bcc88d076e4e7215cb7322beea0433cacfa6e90109665c728971c518e35cd1d3dea0f0b71ea87409d7bb082c06b800e54ddf1d09a3b241739f61137b2

  • SSDEEP

    12582912:FsnsVnXrLGSnFywxeZEvsT4Xgosxm7B4L3FOn6xAVLofwtS+hD:FsnsVXrLGSnF7wisMQosc7iPxAVL/E+Z

Malware Config

Targets

    • Target

      [game3rb] KinitoPET.v1.1.0-P2P.zip

    • Size

      652.8MB

    • MD5

      60b858972360f7dca94eb4540da5282c

    • SHA1

      7440eae887d7d80125a4def6a3d84582305148ef

    • SHA256

      1079a613057f32e18e2f94db6e6451bb83eff68771297aeb8bc11919085c52a0

    • SHA512

      5fcb276bcc88d076e4e7215cb7322beea0433cacfa6e90109665c728971c518e35cd1d3dea0f0b71ea87409d7bb082c06b800e54ddf1d09a3b241739f61137b2

    • SSDEEP

      12582912:FsnsVnXrLGSnFywxeZEvsT4Xgosxm7B4L3FOn6xAVLofwtS+hD:FsnsVXrLGSnF7wisMQosc7iPxAVL/E+Z

    Score
    10/10
    • Modifies firewall policy service

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Target

      KinitoPET.v1.1.0-P2P/KinitoPET/KinitoPET.exe

    • Size

      34.1MB

    • MD5

      f294bf869a738bfd3d6a7a126448d085

    • SHA1

      09d1ad5e8fe20efd1e1065dd7e5d7bbdc4147f90

    • SHA256

      b83ccd96153465d6ec45b76586ca5effcff8c1e85a2b64881437e9060d39754a

    • SHA512

      284b8cec5097a4160737ec3f2f63774c60a8bb66c05f27b47ee10bc5184ff917a96403fb00a5d59d61340a56457f2653c46fe614a4c908b90e89d79da2295690

    • SSDEEP

      786432:cThPAXf3igAkooZdFBX5oYviSEK95FBHU0KWOpEurOJARKcnVmEtQGqYXYaod7rB:cTx

    Score
    1/10
    • Target

      KinitoPET.v1.1.0-P2P/KinitoPET/data_KinitoPET/Mono/bin/MonoPosixHelper.dll

    • Size

      1.2MB

    • MD5

      f678cd1a7d957907341de91a4bb0cbe0

    • SHA1

      92daa14fb9fe752f156c33a2b82f4d58d64baabc

    • SHA256

      8684fa088a949d7694a98ff9a8c86d1c3fcbbf3ff3f931210adea32a3a724183

    • SHA512

      3c40dbf01b073e05202871fa98f248220479e304a927854554669f7997244112d5c24901ce00d0e13c3cab4cc6ad09e483c18c2e06dcdcf3e14edf5f17bc3745

    • SSDEEP

      24576:J134cjWfsThZ1S/8CUyaDGnrYQZBFEGU/XG+LVHZYXB3:8cbT6KDbQZBFEx4XB3

    Score
    1/10
    • Target

      KinitoPET.v1.1.0-P2P/KinitoPET/data_KinitoPET/Mono/etc/mono/2.0/DefaultWsdlHelpGenerator.aspx

    • Size

      59KB

    • MD5

      f7be9f1841ff92f9d4040aed832e0c79

    • SHA1

      b3e4b508aab3cf201c06892713b43ddb0c43b7ae

    • SHA256

      751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a

    • SHA512

      380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5

    • SSDEEP

      768:6CEPutHjvpMgMwP9h5Ij7khsp/6JtEZwMXVtkUI3t3CXyEyk3VbNbqDvJ4oT1y:/r6CdsCOZwMX3k5dWyklh+Dvbw

    Score
    1/10
    • Target

      KinitoPET.v1.1.0-P2P/KinitoPET/data_KinitoPET/Mono/etc/mono/4.0/DefaultWsdlHelpGenerator.aspx

    • Size

      59KB

    • MD5

      f7be9f1841ff92f9d4040aed832e0c79

    • SHA1

      b3e4b508aab3cf201c06892713b43ddb0c43b7ae

    • SHA256

      751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a

    • SHA512

      380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5

    • SSDEEP

      768:6CEPutHjvpMgMwP9h5Ij7khsp/6JtEZwMXVtkUI3t3CXyEyk3VbNbqDvJ4oT1y:/r6CdsCOZwMX3k5dWyklh+Dvbw

    Score
    1/10
    • Target

      KinitoPET.v1.1.0-P2P/KinitoPET/data_KinitoPET/Mono/etc/mono/4.5/DefaultWsdlHelpGenerator.aspx

    • Size

      59KB

    • MD5

      f7be9f1841ff92f9d4040aed832e0c79

    • SHA1

      b3e4b508aab3cf201c06892713b43ddb0c43b7ae

    • SHA256

      751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a

    • SHA512

      380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5

    • SSDEEP

      768:6CEPutHjvpMgMwP9h5Ij7khsp/6JtEZwMXVtkUI3t3CXyEyk3VbNbqDvJ4oT1y:/r6CdsCOZwMX3k5dWyklh+Dvbw

    Score
    1/10
    • Target

      KinitoPET.v1.1.0-P2P/KinitoPET/extra/e1.file

    • Size

      5.5MB

    • MD5

      259ffd8cae9c794c111de74ee0aa728c

    • SHA1

      91c7cc18c08b6abf0b1956bd9db96efc6ded27a1

    • SHA256

      c529c8e76c54025f183f2c3b185817b175b8947314ba9b41afd4746f77bab695

    • SHA512

      874c013531870b745b4eee9cddcca5c18967252dce37a37053526585c09900cc057bf00fbce8b4f40aa6944433cbdcf4ddfe11898688e5531b87bf5b305da9a6

    • SSDEEP

      98304:aB+AB2uW5MI079g+DltLGMY8DI65KiaYGgQ30LJd2UqLjkLqpLj+ZvVuKr:apkL2V76+DXLZy7YM30LzajzpLEVuC

    Score
    7/10
    • Loads dropped DLL

    • Target

      KinitoPET.v1.1.0-P2P/KinitoPET/extra/lense/lense.exe

    • Size

      36.3MB

    • MD5

      c4c309550219eee41f38ebcb089c086f

    • SHA1

      20e63cda672287bae4043746d15624dcfcd6f4f1

    • SHA256

      4e5fe57fa68b1e1530730a31bfeed8d8365718af2e126db1bf36dccc91db8267

    • SHA512

      11597bc644ac6a7bc7dff57dfd8eba38a90520336be70ef275e108d3bac7683344b2c4538896efa97453fe50e80b1294d5a8986099092f905b3c4eb60ef2c052

    • SSDEEP

      786432:D1SEK5Ju21htGBE2oX7anXMtQaxZMs9jiZKRe4yvchUKxA3c:DiRoFW+Vsdws

    Score
    1/10
    • Target

      KinitoPET.v1.1.0-P2P/KinitoPET/extra/msg1.vbs

    • Size

      118B

    • MD5

      9eba5abff1b5598a127e3042d8fcaced

    • SHA1

      9e2c9ac9086f7bc8d32a783b1adb6ea677507136

    • SHA256

      d4a7c95dfd8d0778e2d3a337f7b4febf995995a35bf9ddd53d245cc6c737c316

    • SHA512

      a1dc7d7b65635c559323d2f05be8adc4abd30efb69c8a6c29773f7aceb2170a30f2c3e6ecb518ae6d64007b090d1632c1e984a1d5f52a5f542ce25753ada348a

    Score
    1/10
    • Target

      KinitoPET.v1.1.0-P2P/KinitoPET/extra/msg2.vbs

    • Size

      120B

    • MD5

      7efd558622ffde2eafa8f9852ac38eb3

    • SHA1

      3e6cf648623c07ae3b85f4889c446c06d09601d9

    • SHA256

      ccbc09fd41751599be74d5b2267d0e0239aa88e097b875c7040933bb708d10fc

    • SHA512

      36d2efaef799470b521216084747ae447adee833d407d853280ea9585afc208b0f919d9ebc502433ceceb0943185fe89d87cfda6eba60b52f6b02b912f56328b

    Score
    1/10
    • Target

      KinitoPET.v1.1.0-P2P/KinitoPET/extra/off.bat

    • Size

      287B

    • MD5

      03889252d52ac087c568af4986b50dda

    • SHA1

      ea5b819dcf06110180301911bb41ab91c7d29dd6

    • SHA256

      672e4954da1ad7dfd19cacc1f41ecf3e9ab4e1d45d8b095f5b23d3bfe568532a

    • SHA512

      c8ee7670b0ddc3ed1ba549956dbd411ec21518db49729215b0b6acab1c1cc03ff4d7f053a21afe032c770c75e69ff92175d7b2b623d81d5c2318567256d006b4

    Score
    1/10
    • Target

      KinitoPET.v1.1.0-P2P/KinitoPET/mono-2.0-sgen.dll

    • Size

      5.6MB

    • MD5

      f7573b0913c8dab1a01d8d9c6f401da3

    • SHA1

      ef806b9117256a67af958ba2bd988d1fe2f5dbc4

    • SHA256

      e66cd917265ff98dc1c8a3d49b8f49b98bbcfc56091888af95fdfd8b1ad8231e

    • SHA512

      2aece8056411d4f812b769b06d1dcb1b2dad2b30f2d5cb1665d7dd9fac1e320e1f8b8e79ecdadebe4e0c528c2214018500597f66c87c5f9a9dbaf9e3ad91823f

    • SSDEEP

      49152:6Kpe/zNI5WMWd7aGd3sx+CL6+LggFyYpo1X5x+GYItcEhbbFbestVfaMFIR+nS8Q:WZsuoFJuhR5eMLmsUltC/iq

    Score
    1/10
    • Target

      KinitoPET.v1.1.0-P2P/KinitoPET/readme.html

    • Size

      16KB

    • MD5

      09d5773a99b10ee318828900b99666ed

    • SHA1

      2583f6ad18dc86f89eccdb6447825b7c0ae7d240

    • SHA256

      c453ce3a95f05eb115364c99a3877fafb81c79e9bce811736bae64b9ba162362

    • SHA512

      069b4e38345c48d489e870f65cba5876aff5589ca9a53afd228d6614709afd35ae1c049fad782ecf637e5a63e5480506c0883ee9934d19f224836527c2e393bb

    • SSDEEP

      384:DPB8bsFIsFU11soPbNqbTU1vxPg/Q1x+I3bq1lI/TOCO1LX+G/:DJ8bFD1BYTsvx4/Q1x+IL9/Tm+G/

    Score
    1/10
    • Target

      KinitoPET.v1.1.0-P2P/KinitoPET/run.vbs

    • Size

      43B

    • MD5

      b63585ddd027f064b5dd38d964cc6b77

    • SHA1

      18dae7496a6d0664f492ba1696d13d7b45164d4f

    • SHA256

      a0e590277c5cb45d22c6d33202944e33f4e3db30b1e329f49ab8b3dcefbd314e

    • SHA512

      580a75875ff3803e57f31408462e1e265da0e5a3b69a03e15506b4bb15ac2df69353164d7cab3b3572f0267696e70b07f9f06f19e7b37b7e1eab88844ad05a26

    Score
    1/10
    • Target

      KinitoPET.v1.1.0-P2P/KinitoPET/steam_api64.dll

    • Size

      1.7MB

    • MD5

      1ef6b373549fb069589c44f3119003a3

    • SHA1

      1fb0d1fccd43652e45419f1cfd2472699e52030a

    • SHA256

      65259d162a4cb9a57abd214723db0555f1c5c8b65dda828f4a641e2083f70e6c

    • SHA512

      824a836f2b1d110a1cbd1b687ca992f6f924c4d7d9e9f79fe55d8f86d39873eff99d2c83340f598551d879eda4cc559a4c35993bc4c8ddf0626bf1907b5276f9

    • SSDEEP

      49152:JboJBbAEwCsd/nLCq2fCb73O8qK2J6NA5BJeP6:WEcEdOA2J/h+

    Score
    1/10
    • Target

      KinitoPET.v1.1.0-P2P/_CommonRedist/DotNet/4.7/Microsoft .NET Framework 4.7.2.cmd

    • Size

      142B

    • MD5

      ef99b6c5d62c9e6ab34b9a6eb305c8ce

    • SHA1

      caeeb86a73217cc51025607f4c84522b9764123b

    • SHA256

      485d17282dacbe3b5182c76830d05609371f4718d89b9fba99a34f96bbc521b6

    • SHA512

      61fddf3d81aad061c596170b5f873375226659113ea19f0ac1b9582cbcaeeab9e7fec340109faab3967bea298c47adead7ba1d291d5ccfb07d732940512c6337

    Score
    10/10
    • Modifies firewall policy service

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

pyinstaller
Score
3/10

behavioral1

evasion persistence
Score
10/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
7/10

behavioral14

Score
7/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

evasion persistence
Score
10/10

behavioral32

Score
7/10