Overview

overview

10

Static

static

3

74f41ef794...a8.exe

windows7-x64

10

74f41ef794...a8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    74f41ef79426aa52f86d56ccf4cc21a8

  • Size

    124KB

  • Sample

    240125-tstlesaeb8

  • MD5

    74f41ef79426aa52f86d56ccf4cc21a8

  • SHA1

    b1569c80227c783c8a43c96fa8c2fd479382148d

  • SHA256

    0c743cd6bd26bc4b3386cbbfd9dffef730354f6e9b17fe2e5783f6faa2eb27af

  • SHA512

    dba6c8bebb1f50154947909735be99306c73c11341580748dcc0105814ecc986abfad7d988153d27457f5aa04173b78deb04bc53ebe4b1e497402266e98e29b9

  • SSDEEP

    1536:vWtkjiTQbuvU0GgAJa0P1kNmKldCMhdu8KWP/nTn8nBP9VewNeG0h/l:skjBbAU0GgAT98t

Score
10/10
kinsingevasionloaderpersistence

Malware Config

Targets

    • Target

      74f41ef79426aa52f86d56ccf4cc21a8

    • Size

      124KB

    • MD5

      74f41ef79426aa52f86d56ccf4cc21a8

    • SHA1

      b1569c80227c783c8a43c96fa8c2fd479382148d

    • SHA256

      0c743cd6bd26bc4b3386cbbfd9dffef730354f6e9b17fe2e5783f6faa2eb27af

    • SHA512

      dba6c8bebb1f50154947909735be99306c73c11341580748dcc0105814ecc986abfad7d988153d27457f5aa04173b78deb04bc53ebe4b1e497402266e98e29b9

    • SSDEEP

      1536:vWtkjiTQbuvU0GgAJa0P1kNmKldCMhdu8KWP/nTn8nBP9VewNeG0h/l:skjBbAU0GgAT98t

    Score
    10/10
    evasionpersistencekinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks