General

  • Target

    7500726801fcdeb8fdd4672960c76c69

  • Size

    385KB

  • Sample

    240125-t86kxsbgck

  • MD5

    7500726801fcdeb8fdd4672960c76c69

  • SHA1

    4cdb9e40f174c2c9c412cf46613c3794cda4b6ac

  • SHA256

    6e63e1d4089141ca0882c55f02974c27d75d22522524974d7c53cfb93290a863

  • SHA512

    8957d1c4edf7ee37ed2409bc0f2aa0bf8f0a06e03477706e4900682568bc7baa3b041929f109e3708804854302524b26214d1ca7f7e3b2b7c7078ecc1f81b568

  • SSDEEP

    6144:HzOIjTl9i3+klXABuQ0mE/+EnTSq5R/n6rCdlvZIrKuFkhJPAQ97LSWBLJvk2:HzVibtquH9THqednIrKuUP17LJ

Targets

    • Target

      7500726801fcdeb8fdd4672960c76c69

    • Kinsing

      Kinsing is a loader written in Golang.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory
