Overview

overview

10

Static

static

3

74f99f20fe...75.exe

windows7-x64

10

74f99f20fe...75.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    74f99f20fec0194ccd0544ad42965175

  • Size

    444KB

  • Sample

    240125-t1mg3sbeeq

  • MD5

    74f99f20fec0194ccd0544ad42965175

  • SHA1

    0e6e236524c2ef02d74d25b8a686fdc660651285

  • SHA256

    d002e61eb33b500340e5cf915fa124b81263671d9586b76eb622ffb7c532f7a4

  • SHA512

    3d12018cb30870e9c1b1f9043dc347249eb24dd68cedf1df7af3142d5bf4be099fcd28717ad85ca8573fab392eb2aee19d8f6756a31c45709d611d0dff4fd826

  • SSDEEP

    6144:zH1mpm3rzOh6yetgGWnXmQ21thAzCnTWQm/zMIH+e/iRRGNEwy0Zn:TzOKtg2Z3TTWQ0H+LRRyD

Score
10/10
kinsingevasionloaderpersistence

Malware Config

Targets

    • Target

      74f99f20fec0194ccd0544ad42965175

    • Size

      444KB

    • MD5

      74f99f20fec0194ccd0544ad42965175

    • SHA1

      0e6e236524c2ef02d74d25b8a686fdc660651285

    • SHA256

      d002e61eb33b500340e5cf915fa124b81263671d9586b76eb622ffb7c532f7a4

    • SHA512

      3d12018cb30870e9c1b1f9043dc347249eb24dd68cedf1df7af3142d5bf4be099fcd28717ad85ca8573fab392eb2aee19d8f6756a31c45709d611d0dff4fd826

    • SSDEEP

      6144:zH1mpm3rzOh6yetgGWnXmQ21thAzCnTWQm/zMIH+e/iRRGNEwy0Zn:TzOKtg2Z3TTWQ0H+LRRyD

    Score
    10/10
    evasionpersistencekinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Modifies firewall policy service

      evasion

    • Adds policy Run key to start application

      persistence

    • Modifies Installed Components in the registry

      persistence

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks