Overview

overview

10

Static

static

3

75025eb441...30.exe

windows7-x64

7

75025eb441...30.exe

windows10-2004-x64

10

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

10

$PLUGINSDIR/nsWeb.dll

windows7-x64

3

$PLUGINSDIR/nsWeb.dll

windows10-2004-x64

10

$PLUGINSDI...r.html

windows7-x64

1

$PLUGINSDI...r.html

windows10-2004-x64

10

$TEMP/Real...pi.dll

windows7-x64

3

$TEMP/Real...pi.dll

windows10-2004-x64

10

$TEMP/Real...pi.dll

windows7-x64

3

$TEMP/Real...pi.dll

windows10-2004-x64

10

$TEMP/gupp...nt.exe

windows7-x64

7

$TEMP/gupp...nt.exe

windows10-2004-x64

10

$PLUGINSDI...se.dll

windows7-x64

3

$PLUGINSDI...se.dll

windows10-2004-x64

10

$PLUGINSDI...on.dll

windows7-x64

3

$PLUGINSDI...on.dll

windows10-2004-x64

10

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

10

$PLUGINSDIR/Math.dll

windows7-x64

3

$PLUGINSDIR/Math.dll

windows10-2004-x64

10

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

10

$PLUGINSDI...SON.js

windows7-x64

1

$PLUGINSDI...SON.js

windows10-2004-x64

10

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    75025eb441ba67a618493bea321c6b30

  • Size

    2.2MB

  • Sample

    240125-vbmxzsbghn

  • MD5

    75025eb441ba67a618493bea321c6b30

  • SHA1

    c439441258e2a812944542cc5f3dfd934b6e68eb

  • SHA256

    2bcc5dfa32e627a0913c1a00e3c5cae1fc428c276d51c3abc26a4644d3c3a0fb

  • SHA512

    dc64d706970a9a1e3d12182e6986e6a46c70c98d0b163c9cd7ec2e3625815783eebda1e2a685f14fc63ba2f39e3323bbd4e0e4ff446c40a5e85db82a1bea9495

  • SSDEEP

    49152:dl1zj0je57rJ21xPBrNThjte/Vn6uYdJ6WZznO7t4uH4LcVfYFVcxwpG72DwNVj:v1zj0IUlThjSV6umJpznO76cVwiD

Score
10/10
kinsingloaderspywarestealer

Malware Config

Targets

    • Target

      75025eb441ba67a618493bea321c6b30

    • Size

      2.2MB

    • MD5

      75025eb441ba67a618493bea321c6b30

    • SHA1

      c439441258e2a812944542cc5f3dfd934b6e68eb

    • SHA256

      2bcc5dfa32e627a0913c1a00e3c5cae1fc428c276d51c3abc26a4644d3c3a0fb

    • SHA512

      dc64d706970a9a1e3d12182e6986e6a46c70c98d0b163c9cd7ec2e3625815783eebda1e2a685f14fc63ba2f39e3323bbd4e0e4ff446c40a5e85db82a1bea9495

    • SSDEEP

      49152:dl1zj0je57rJ21xPBrNThjte/Vn6uYdJ6WZznO7t4uH4LcVfYFVcxwpG72DwNVj:v1zj0IUlThjSV6umJpznO76cVwiD

    Score
    10/10
    kinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      13KB

    • MD5

      d765c492c21689e3d9d61634371fd861

    • SHA1

      ac200933671ae52c9d5544d0e2e8e9144d286c83

    • SHA256

      551e6042dd494ea01549555ffc194ab9729da09058ec714eb368dd06642c9bbc

    • SHA512

      9919a9e848c8f1e26c75d0d29207571e4b86a4140bd554743d2c1f8bd7f386fe4919345b163d89a5d907fb165e435ba0ac5f6b1101713636141f156a420e2e0f

    • SSDEEP

      192:9B6RvrfvOuJQDghBy/X7QKq3TLGciZJf0EzWzMnz6WoF1dBs:v6RrviWaX7eiZJ7nz6bB

    Score
    10/10
    kinsingloader
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      fe24766ba314f620d57d0cf7339103c0

    • SHA1

      8641545f03f03ff07485d6ec4d7b41cbb898c269

    • SHA256

      802ef71440f662f456bed6283a5ff78066af016897fe6bfd29cac6edc2967bbd

    • SHA512

      60d36959895cebf29c4e7713e6d414980139c7aa4ed1c8c96fefb672c1263af0ce909fb409534355895649c0e8056635112efb0da2ba05694446aec2ca77e2e3

    • SSDEEP

      192:rO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1aMBgMO:yKAFERdlxhGRYUzqZaMB

    Score
    10/10
    kinsingloader
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/nsWeb.dll

    • Size

      8KB

    • MD5

      5810e9ea674dc7d288918ad549b5296b

    • SHA1

      cf0ccb741de2ab9444d6eddca7cdcdc550e0fd49

    • SHA256

      424432227dfb043358f42b0922031abc9290a61d5bce19660ab00096c354a61c

    • SHA512

      b1a6ac0f6548b9738745d39268162efb614a5b57ea70e53a6b011246259bb4825cd02a80b6ee0195f57acb19bcbbfc1f1cfe4adfd058449090bea1f5aa02f74b

    • SSDEEP

      96:q8ry1ZQH+wi1iz1roNrwXTP85cCNLLBeN1X7bHwXwPoLj7ictVtWEjFUt3jR6ntr:qn1ZHoiiwBeN1X7rwAMj2rI+Kt

    Score
    10/10
    kinsingloader
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/offer.html

    • Size

      1KB

    • MD5

      8b6a66cd5395f891ff495d3d5b26212a

    • SHA1

      f1b28983589d11e7928521e3830dc5eef43d8615

    • SHA256

      6f0f91418e04c0fb1af6c0840c27f33b00a64f434a80d13b4daa3ce9c61c0a34

    • SHA512

      a535088200c3077a64bff04910475b36df56b2b7c0f8121201c7524ba6fcaf75cb55c0a46b8cb2b8697a37f73df1c5fafb292eb9d554b51ad2a486ba2513f2ac

    Score
    10/10
    kinsingloader
    behavioral10behavioral9

    • Target

      $TEMP/RealCompat/gcapi.dll

    • Size

      62KB

    • MD5

      a689eb4192ac28683b18c4e81b32559a

    • SHA1

      aa436608c0e1a1a21153346a046ff00ee60aff1d

    • SHA256

      cb81506dcb4de19a8c300ee010061845a7f20448c2387ae845f2d2099b54c981

    • SHA512

      992c8f6e441e096c5def826c5665469b89642b0fc9a381f2cf63a98eb08bd58e4186a3a615078cd2775b78240f519c27501f46dea40e9b8b82b6d91b95d5ed17

    • SSDEEP

      768:sqn6Uu9UJwki/IKbRBxPRZpEzalO2RBgITg1g0sqpkkaTL16QP3u8Gf:serwkobRLOuOA/TgW01na/oQ/zO

    Score
    10/10
    kinsingloader
    behavioral11behavioral12

    • Target

      $TEMP/RealCompat/gtapi.dll

    • Size

      73KB

    • MD5

      64f15c1e67d305bf5522ece465019b50

    • SHA1

      c54d95b98dd0f32adccb46e1030d13ca81ea9aae

    • SHA256

      bdc0326c2864498243657cc2c76d31816c208f5b159f0991b3698f093cf64619

    • SHA512

      74710ce2f6473b61176c31a180c973b0ad39b6159772de13eb3fd9f0c40864884687ee47bd9e67c6667702f7a8c02c2f5f79e0e19a2a3d6b369e7246a03fb8c6

    • SSDEEP

      768:sGFTRxPgp0UelRo+gEzCbn5baZiskpOzLp/eJ77LBfefVkvgcS9TFgQXEVVkoLVQ:DTzPgUlYEOr5bnpMp/eJR4cSgQXkaohE

    Score
    10/10
    kinsingloader
    behavioral13behavioral14

    • Target

      $TEMP/guppy-silent.exe

    • Size

      446KB

    • MD5

      d2193271055d32aacaef3c1cf6375981

    • SHA1

      41298d52cc794495145bd20b3e5227f60903bae7

    • SHA256

      d2a3525c3f620def9c7817a8208da8e288d37aaa279d7aca84e5746c2d0bd27d

    • SHA512

      0a79b703963335a82cff75aa0d7720649a7ecc85883902838f57c105af39f5089ffd1ba81fa8e858277afda2b52e4c7ef8a1a45a4be265a8a372a8f4dec7dea9

    • SSDEEP

      12288:cLO0i1wDtCKrF2CChNxHHxmpcFbi0w0s/zW5eP32:cLO3ckKrcnmpchiIozWIP32

    Score
    10/10
    spywarestealerkinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral15behavioral16

    • Target

      $PLUGINSDIR/CustomLicense.dll

    • Size

      3KB

    • MD5

      3c4c9b038c7eb5223691586a42415fef

    • SHA1

      53eb3587f5313f9aae5aea8b92f7ceb45db19fc6

    • SHA256

      60f9263a1693ae5a18523ee5d0f37e512882edaea2b84a028279d7fe5bb305ae

    • SHA512

      a07843d793811ca6ea9be734c458209a1bb224297743e23304f48b65f38ea9ae5a570f99b5c23642431ecb5cb30bcb43848bb92e6529395c232c63f641143250

    Score
    10/10
    kinsingloader
    behavioral17behavioral18

    • Target

      $PLUGINSDIR/GetVersion.dll

    • Size

      6KB

    • MD5

      5264f7d6d89d1dc04955cfb391798446

    • SHA1

      211d8d3e7c2b2f57f54a11cb8bc4fa536df08acc

    • SHA256

      7d76c7dd8f7cd5a87e0118dacb434db3971a049501e22a5f4b947154621ab3d4

    • SHA512

      80d27ee2f87e2822bd5c8c55cc3d1e49beebb86d8557c92b52b7cbea9f27882d80e59eefa25e414eecee268a9a6193b6b50b748de33c778b007cde24ef8bcfb7

    • SSDEEP

      96:E12Z84uiwpGTVTDSpaHYfniz0R3GhCvXY6Ix5vdR7pBi46AQ5Vu4:2STVTGwYhR3GhCvy5vH7pBi46AQ5Vu

    Score
    10/10
    kinsingloader
    behavioral19behavioral20

    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      4KB

    • MD5

      99f345cf51b6c3c317d20a81acb11012

    • SHA1

      b3d0355f527c536ea14a8ff51741c8739d66f727

    • SHA256

      c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93

    • SHA512

      937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

    Score
    10/10
    kinsingloader
    behavioral21behavioral22

    • Target

      $PLUGINSDIR/Math.dll

    • Size

      66KB

    • MD5

      b140459077c7c39be4bef249c2f84535

    • SHA1

      c56498241c2ddafb01961596da16d08d1b11cd35

    • SHA256

      0598f7d83db44929b7170c1285457b52b4281185f63ced102e709bf065f10d67

    • SHA512

      fbcb19a951d96a216d73b6b3e005338bbb6e11332c6cc8c3f179ccd420b4db0e5682dc4245bd120dcb67bc70960eab368e74c68c7c165a485a12a7d0d8a00328

    • SSDEEP

      1536:0P43WZ4Ql60gam+2MwRmPeqFVHbQH0ZZ1Iet:0wU609VMH0T/t

    Score
    10/10
    kinsingloader
    behavioral23behavioral24

    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      a5f8399a743ab7f9c88c645c35b1ebb5

    • SHA1

      168f3c158913b0367bf79fa413357fbe97018191

    • SHA256

      dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    • SHA512

      824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    • SSDEEP

      192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go

    Score
    10/10
    kinsingloader
    behavioral25behavioral26

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    10/10
    kinsingloader
    behavioral27behavioral28

    • Target

      $PLUGINSDIR/TrackJSON.js

    • Size

      1KB

    • MD5

      2492690006d3eecd22c1301a2c4fc6d5

    • SHA1

      080f02b347f7b810778cf63d527f781cf5aec218

    • SHA256

      9e03233a11a33bbd519594401d5376658959ec845661ceecd5562ad22a23074f

    • SHA512

      58bb53cea60e292518698c956851dc11f1175c142a31b62fd46c1e60157fc12ba0a97863fe60b38b0dceb60aaaafcb65ff8521403302ccb890d4d36048aeb9a0

    Score
    10/10
    kinsingloader
    behavioral29behavioral30

    • Target

      $PLUGINSDIR/inetc.dll

    • Size

      20KB

    • MD5

      2f94245152dbd233e248909f9c01c578

    • SHA1

      ab4e5879c001b36a2f9ff214946599fd015edda9

    • SHA256

      4c4d85eb9725fc7fade03467990e3dd9671c29a7870c97e69babc2cb3c9adef9

    • SHA512

      f92830de27d6663be5e0df9e32cd88732bc7ee93b14c1ded65258c325d22436400801aff1124f40400c6c3b3c16e71deb08436714716f3888d13a8a6b6a32231

    • SSDEEP

      384:vBCwUYeQ8geEQyhUtXlcgCHe8DSMk8/UhU7ya4L+0Ac9khYLMkIX0+GvRgbJ1:owUEpet1cgCHe8DNN/UhUua4L

    Score
    10/10
    kinsingloader
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
7/10

behavioral2

kinsingloader
Score
10/10

behavioral3

Score
3/10

behavioral4

kinsingloader
Score
10/10

behavioral5

Score
3/10

behavioral6

kinsingloader
Score
10/10

behavioral7

Score
3/10

behavioral8

kinsingloader
Score
10/10

behavioral9

Score
1/10

behavioral10

kinsingloader
Score
10/10

behavioral11

Score
3/10

behavioral12

kinsingloader
Score
10/10

behavioral13

Score
3/10

behavioral14

kinsingloader
Score
10/10

behavioral15

spywarestealer
Score
7/10

behavioral16

kinsingloaderspywarestealer
Score
10/10

behavioral17

Score
3/10

behavioral18

kinsingloader
Score
10/10

behavioral19

Score
3/10

behavioral20

kinsingloader
Score
10/10

behavioral21

Score
3/10

behavioral22

kinsingloader
Score
10/10

behavioral23

Score
3/10

behavioral24

kinsingloader
Score
10/10

behavioral25

Score
3/10

behavioral26

kinsingloader
Score
10/10

behavioral27

Score
3/10

behavioral28

kinsingloader
Score
10/10

behavioral29

Score
1/10

behavioral30

kinsingloader
Score
10/10

behavioral31

Score
3/10

behavioral32

kinsingloader
Score
10/10