Overview

overview

10

Static

static

7

74f6e14d62...6f.exe

windows7-x64

7

74f6e14d62...6f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    74f6e14d62376305731f07853f1e6e6f

  • Size

    923KB

  • Sample

    240125-txecasafa4

  • MD5

    74f6e14d62376305731f07853f1e6e6f

  • SHA1

    d51fbe18da0679cad024098bd7bbae36869c639b

  • SHA256

    cfeead1220c5b887be80a9564014bad9ae354a808b6c71217c058909050e298a

  • SHA512

    565a0c67a4e71022eb17dce1c19e1c1ff1ffd42e5ac48ebad744d29e161cccab0c808988a2359b9c80c9bb44b6c464536de51da6b68aeeca7a14143fd217a83f

  • SSDEEP

    24576:9UTqgKQUfoZb3jVVnzY3ITX5uQIPBIrdtP39xhulPzDuMtLev:9LGUopBVz1HIZOtHgpz

Score
10/10
kinsingevasionloaderpersistencethemida

Malware Config

Targets

    • Target

      74f6e14d62376305731f07853f1e6e6f

    • Size

      923KB

    • MD5

      74f6e14d62376305731f07853f1e6e6f

    • SHA1

      d51fbe18da0679cad024098bd7bbae36869c639b

    • SHA256

      cfeead1220c5b887be80a9564014bad9ae354a808b6c71217c058909050e298a

    • SHA512

      565a0c67a4e71022eb17dce1c19e1c1ff1ffd42e5ac48ebad744d29e161cccab0c808988a2359b9c80c9bb44b6c464536de51da6b68aeeca7a14143fd217a83f

    • SSDEEP

      24576:9UTqgKQUfoZb3jVVnzY3ITX5uQIPBIrdtP39xhulPzDuMtLev:9LGUopBVz1HIZOtHgpz

    Score
    10/10
    evasionpersistencethemidakinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks