Exploring a New KimJongRAT Stealer Variant and Its PowerShell Implementation
The analysis primarily focuses on the technical details of two new variants of KimJongRAT, a prevalent stealer malware. Both variants, one using a Portable Executable (PE) file and the other using PowerShell, are initiated via a Windows shortcut (LNK) file, which downloads a dropper file from an attacker-owned content delivery network (CDN). The dropper introduces further malicious files, including a loader, a decoy PDF, and additional scripts. The PE variant uploads data with HTTP POST requests encoded as multipart/form-data or application/x-www-form-urlencoded, and downloads data with HTTP GET requests. It also loops continuously to maintain communication with its command and control (C2) server, which lets it exfiltrate data and receive instructions.
Indicators of Compromise (109)