Overview

overview

10

Static

static

3

74f4e12c2d...ea.exe

windows7-x64

10

74f4e12c2d...ea.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    74f4e12c2d7e1f8a3d389b2dfd75d4ea

  • Size

    156KB

  • Sample

    240125-ttwgeaaee2

  • MD5

    74f4e12c2d7e1f8a3d389b2dfd75d4ea

  • SHA1

    c2d3a05c3d16d5191e4f6524768e3ed4d2412533

  • SHA256

    852ba07513c087e5885fc3320332825a0cc846eda7ff3c649e77f9a1abe477dc

  • SHA512

    2ac8a84e8f14d069c202b985061592e2486cedbbac1cd43e68250191efd5717a07d2213e182358d3a471d09447e8f7b9a03deb1a5f48cd21ef70f3af1eac5e86

  • SSDEEP

    3072:/Goe5g+GwD8w2+d5bWIrJ4E5n41sSLeH8ozK/d/18UlyG4oQZiEXrA:/2WIrJ4E5n41pVN/jhFWm

Score
10/10
kinsingevasionloaderpersistence

Malware Config

Targets

    • Target

      74f4e12c2d7e1f8a3d389b2dfd75d4ea

    • Size

      156KB

    • MD5

      74f4e12c2d7e1f8a3d389b2dfd75d4ea

    • SHA1

      c2d3a05c3d16d5191e4f6524768e3ed4d2412533

    • SHA256

      852ba07513c087e5885fc3320332825a0cc846eda7ff3c649e77f9a1abe477dc

    • SHA512

      2ac8a84e8f14d069c202b985061592e2486cedbbac1cd43e68250191efd5717a07d2213e182358d3a471d09447e8f7b9a03deb1a5f48cd21ef70f3af1eac5e86

    • SSDEEP

      3072:/Goe5g+GwD8w2+d5bWIrJ4E5n41sSLeH8ozK/d/18UlyG4oQZiEXrA:/2WIrJ4E5n41pVN/jhFWm

    Score
    10/10
    evasionpersistencekinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks