Overview

overview

10

Static

static

3

74f5440599...e3.exe

windows7-x64

7

74f5440599...e3.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    74f54405991dc0d284f3158f9266d7e3

  • Size

    1.8MB

  • Sample

    240125-tt51vabddk

  • MD5

    74f54405991dc0d284f3158f9266d7e3

  • SHA1

    eb8b23809c1a72144ef5d3dbec92b8445b790795

  • SHA256

    e68b96f0e99e4b6aebbedd626fbb369c369c8507f5b5cea9013eb3e0ea83e23f

  • SHA512

    3087f74eed15eb522b7938da4859daf0d0af1d13adc1ad23810b599839e94cdc7074ab06a48fae0cce4d2958c5a94ffe799cb9ea1891877ef0b812bf4f1cbbd9

  • SSDEEP

    12288:OsD8BFyOmcNPYmzQ5J0T0aTE6chIoLXGtfbapRVczyu1jZ9sM2cTWzEOk0ksmVgX:FHcNPYDj0T0z6UsapRVclccTWwPdse

Score
10/10
kinsingloaderpersistence

Malware Config

Targets

    • Target

      74f54405991dc0d284f3158f9266d7e3

    • Size

      1.8MB

    • MD5

      74f54405991dc0d284f3158f9266d7e3

    • SHA1

      eb8b23809c1a72144ef5d3dbec92b8445b790795

    • SHA256

      e68b96f0e99e4b6aebbedd626fbb369c369c8507f5b5cea9013eb3e0ea83e23f

    • SHA512

      3087f74eed15eb522b7938da4859daf0d0af1d13adc1ad23810b599839e94cdc7074ab06a48fae0cce4d2958c5a94ffe799cb9ea1891877ef0b812bf4f1cbbd9

    • SSDEEP

      12288:OsD8BFyOmcNPYmzQ5J0T0aTE6chIoLXGtfbapRVczyu1jZ9sM2cTWzEOk0ksmVgX:FHcNPYDj0T0z6UsapRVclccTWwPdse

    Score
    10/10
    persistencekinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks