kinsing | f2e90fc1ea4cc1588d80ef1ba1bbda758b3937c1f07d4e889ef2612f0ba558f1 | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-01-25...er.exe

windows7-x64

1

2024-01-25...er.exe

windows10-2004-x64

Sharing

General

Target

2024-01-25_aa356d7ab88e6871a916fbfdb4eb1ff3_floxif_magniber
Size

4.3MB
Sample

240125-s7yy1sahej
MD5

aa356d7ab88e6871a916fbfdb4eb1ff3
SHA1

2d21457dd3e462129115c2b04e6c34c427c889cf
SHA256

f2e90fc1ea4cc1588d80ef1ba1bbda758b3937c1f07d4e889ef2612f0ba558f1
SHA512

6ac8c0a802637b67f817144254f1410e543434ff00150c8bfa1f287b05f7993d40a3ec3a52d1edabe4e8623bcc513a91b8497329ac1d754c7f9ba345e17d37dc
SSDEEP

98304:esbltXkUt5hD3oZerXSFSYGBDVfSXNiu0fEL8e:RJtpLdL2xlkueEL8e

Score

10^/10

kinsing sality backdoor loader upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-01-25_aa356d7ab88e6871a916fbfdb4eb1ff3_floxif_magniber.exe

Resource

win7-20231215-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-01-25_aa356d7ab88e6871a916fbfdb4eb1ff3_floxif_magniber.exe

Resource

win10v2004-20231222-en

kinsing sality backdoor loader upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  2024-01-25_aa356d7ab88e6871a916fbfdb4eb1ff3_floxif_magniber
- Size
  
  4.3MB
- MD5
  
  aa356d7ab88e6871a916fbfdb4eb1ff3
- SHA1
  
  2d21457dd3e462129115c2b04e6c34c427c889cf
- SHA256
  
  f2e90fc1ea4cc1588d80ef1ba1bbda758b3937c1f07d4e889ef2612f0ba558f1
- SHA512
  
  6ac8c0a802637b67f817144254f1410e543434ff00150c8bfa1f287b05f7993d40a3ec3a52d1edabe4e8623bcc513a91b8497329ac1d754c7f9ba345e17d37dc
- SSDEEP
  
  98304:esbltXkUt5hD3oZerXSFSYGBDVfSXNiu0fEL8e:RJtpLdL2xlkueEL8e
Score

10^/10

kinsing sality backdoor loader upx
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

kinsingsalitybackdoorloaderupx

© 2018-2024

Terms | Privacy