General

  • Target

    61db24fb72e2e65b7b91a5632532f213aa75ab5018ef3ce7659af06c3d09856e

  • Size

    234KB

  • Sample

    240125-sywgjaafhq

  • MD5

    173890c3789cbc4ba26990426af09cc5

  • SHA1

    a387b150a6e2d69e913afe57e6cd16607b050e88

  • SHA256

    61db24fb72e2e65b7b91a5632532f213aa75ab5018ef3ce7659af06c3d09856e

  • SHA512

    74ae420fd6d6960256a0cf8a61aa6ad36ba0911bf8c30a8e0e68fd07e9a5f5aaf79ab9638d750b35566214df803d315d43719b1eb1d682020fe94ed701d299b1

  • SSDEEP

    3072:zwzvOYTga7/aKavT/DvbEvK9aobNI2B+Nl4jz+b0atWH1TmFtotpcat8iKdlVSTP:mg6/aK2h9H/B+rdBV+UdvrEFp7hKAt/
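The hashes above are the indicators a responder would search for on other hosts. As an added check that is not part of the sandbox report, the following Python script computes MD5, SHA-1, SHA-256 and SHA-512 of a candidate file in a single pass over the data and compares them with the values listed above; it also sanity-checks the copied IOC strings (correct hex length) before trusting them. The SSDEEP value is not reproduced here because it needs the separate ssdeep library; the `verdict` and `validate_iocs` helper names are this example's own.

```python
import hashlib

# Hashes of the analysed sample, copied from the report above.
IOCS = {
    "md5": "173890c3789cbc4ba26990426af09cc5",
    "sha1": "a387b150a6e2d69e913afe57e6cd16607b050e88",
    "sha256": "61db24fb72e2e65b7b91a5632532f213aa75ab5018ef3ce7659af06c3d09856e",
    "sha512": "74ae420fd6d6960256a0cf8a61aa6ad36ba0911bf8c30a8e0e68fd07e9a5f5aaf79ab9638d750b35566214df803d315d43719b1eb1d682020fe94ed701d299b1",
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def hash_stream(chunks):
    """Run every chunk through all four digests in one pass over the data."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    return hash_stream([data])


def hash_file(path, chunk_size=1 << 20):
    """Hash a file on disk without loading it whole into memory."""
    with open(path, "rb") as fh:
        return hash_stream(iter(lambda: fh.read(chunk_size), b""))


def validate_iocs(iocs=IOCS):
    """Catch copy/paste damage: each IOC must be hex of the right length."""
    for name in ALGORITHMS:
        value = iocs[name].lower()
        if len(value) != HEX_LENGTHS[name]:
            return False
        if any(c not in "0123456789abcdef" for c in value):
            return False
    return True


def match_iocs(digests, iocs=IOCS):
    """Return the algorithms whose digest equals the IOC (case-insensitive)."""
    return sorted(
        name for name in ALGORITHMS
        if digests.get(name, "").lower() == iocs[name].lower()
    )


def verdict(digests, iocs=IOCS):
    """SHA-256/SHA-512 identify the sample; MD5/SHA-1 alone are collision-prone."""
    hits = match_iocs(digests, iocs)
    if "sha256" in hits or "sha512" in hits:
        return "match"
    if hits:
        return "weak-match"   # only weak digests agree; inspect the file further
    return "no-match"


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        digests = hash_file(path)
        print(path, verdict(digests), match_iocs(digests))
```

Run it as `python check_iocs.py suspect.exe`; a `weak-match` (MD5 or SHA-1 only) is worth a second look rather than an automatic verdict, since those digests can be forced to collide.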

Malware Config

Targets

    • Kinsing

      Kinsing is a Golang-based malware family, known from Linux cryptojacking campaigns, that acts as a loader for a cryptominer payload. Treat this family tag with caution here: Kinsing is normally a multi-megabyte statically linked Go binary, whereas the indicators on this page (AppInit DLL modification, ACProtect and UPX packing, a dropped DLL) describe a 234KB Windows executable. Confirm the attribution by manual analysis rather than relying on the rule match alone.

    • Modifies AppInit DLL entries

      Writes the AppInit_DLLs value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows (or its Wow6432Node mirror). Every process that loads user32.dll then loads the listed DLLs, which gives the sample persistence and code injection in one step (MITRE ATT&CK T1546.010). Windows 8 and later ignore the value when Secure Boot is enabled, so the technique is effective mainly on older hosts or those with Secure Boot turned off.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer/protector (signature for versions 1.3x to 1.4x).

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk during execution. Because the report also fires two packer signatures, check which file (the original sample or the dropped DLL) triggered each of them before attempting to unpack.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
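The AppInit DLL behaviour above is the one signature in this report that leaves a durable, host-wide footprint, so it is the natural thing to hunt for. As an added example that is not part of the sandbox report, the following Python script runs detection logic over constructed Sysmon Event ID 13 (RegistryEvent: value set) records in JSON-lines form. It flags a populated AppInit_DLLs value, LoadAppInit_DLLs being switched on, and RequireSignedAppInit_DLLs being switched off, and ignores the benign case where the DLL list is cleared. The events, image paths and DLL names are invented for illustration; the field names follow Sysmon's (EventID, Image, TargetObject, Details).

```python
import json
import re

# Constructed Sysmon Event ID 13 records, serialised as JSON lines the way a log
# forwarder might emit them. These are NOT events from the report above; the image
# path and DLL name are placeholders.
SAMPLE_EVENTS = r"""
{"EventID": 13, "Image": "C:\\Users\\Public\\sample.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs", "Details": "C:\\Users\\Public\\hook.dll"}
{"EventID": 13, "Image": "C:\\Users\\Public\\sample.exe", "TargetObject": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\LoadAppInit_DLLs", "Details": "DWORD (0x00000001)"}
{"EventID": 13, "Image": "C:\\Users\\Public\\sample.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\RequireSignedAppInit_DLLs", "Details": "DWORD (0x00000000)"}
{"EventID": 13, "Image": "C:\\Windows\\System32\\svchost.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs", "Details": ""}
{"EventID": 13, "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "Details": "C:\\Users\\Public\\updater.exe"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "TargetObject": "", "Details": ""}
"""

# The three values that control AppInit DLL loading. Matching on the key suffix
# covers both the native key and its Wow6432Node mirror.
APPINIT_KEY = re.compile(
    r"\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\"
    r"(AppInit_DLLs|LoadAppInit_DLLs|RequireSignedAppInit_DLLs)$",
    re.IGNORECASE,
)
# Sysmon renders DWORD values as e.g. "DWORD (0x00000001)".
DWORD = re.compile(r"DWORD \(0x([0-9A-Fa-f]{8})\)")


def load_events(text):
    """Parse JSON-lines input, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect_appinit(events):
    """Return one finding per registry write that enables or populates AppInit DLLs."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        m = APPINIT_KEY.search(ev.get("TargetObject", ""))
        if not m:
            continue
        value = m.group(1)
        details = ev.get("Details", "")
        dword = DWORD.fullmatch(details)
        number = int(dword.group(1), 16) if dword else None
        severity = reason = None
        if value.lower() == "appinit_dlls" and details.strip():
            severity = "high"
            reason = "DLL list set; loaded into every process that maps user32.dll"
        elif value.lower() == "loadappinit_dlls" and number:
            severity = "medium"
            reason = "AppInit DLL loading enabled"
        elif value.lower() == "requiresignedappinit_dlls" and number == 0:
            severity = "medium"
            reason = "signature requirement for AppInit DLLs disabled"
        if severity:
            findings.append({
                "severity": severity,
                "image": ev.get("Image", ""),
                "value": value,
                "details": details,
                "reason": reason,
            })
    return findings


def analyze(text=SAMPLE_EVENTS):
    return detect_appinit(load_events(text))


if __name__ == "__main__":
    for f in analyze():
        print(f"[{f['severity']}] {f['image']} -> {f['value']} = {f['details']!r}: {f['reason']}")
```

Sysmon only emits Event ID 13 for keys your configuration includes, so the rule is only as good as the `RegistryEvent` filter feeding it; correlating the three findings on the same `Image` is what turns a noisy "registry write" into a confident persistence alert.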

MITRE ATT&CK Enterprise v15

Tasks