General
-
Target
751d870aa39047bca3a7e6cca0e11303
-
Size
11.4MB
-
Sample
240125-v8bwzscgdr
-
MD5
751d870aa39047bca3a7e6cca0e11303
-
SHA1
6220cacde3e1f98a5a1813ae7324ba951bcbe895
-
SHA256
47ce762a85469542401e2cdede7e409f236cca6d8c2f77337bdc31a31ad9f6c8
-
SHA512
5e553ba1c774731d30a79f406a9f21a6a7af393ac7a7cdc0598e4e672ebb4b9b88f716a9ecef86252aaa615df256ba37f874bf7f2eb6c2413be9b45a8e54a487
-
SSDEEP
12288:hTAazcHzcHzcHzcHzcHzcHzcHzcHzcHzcHzcHzcHzcHzcHzcHzcHzcHzcHzcHzcn:9
Malware Config
Extracted
tofsee
defeatwax.ru
refabyd.info
Targets
-
-
Target
751d870aa39047bca3a7e6cca0e11303
-
Size
11.4MB
-
MD5
751d870aa39047bca3a7e6cca0e11303
-
SHA1
6220cacde3e1f98a5a1813ae7324ba951bcbe895
-
SHA256
47ce762a85469542401e2cdede7e409f236cca6d8c2f77337bdc31a31ad9f6c8
-
SHA512
5e553ba1c774731d30a79f406a9f21a6a7af393ac7a7cdc0598e4e672ebb4b9b88f716a9ecef86252aaa615df256ba37f874bf7f2eb6c2413be9b45a8e54a487
-
SSDEEP
12288:hTAazcHzcHzcHzcHzcHzcHzcHzcHzcHzcHzcHzcHzcHzcHzcHzcHzcHzcHzcHzcn:9
Score10/10-
Kinsing
Kinsing is a loader written in Golang.
-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Windows security bypass
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2