General
-
Target
Wave Browser_1e3lrpoh_.exe.7z
-
Size
900KB
-
Sample
240125-vchdwsbhbm
-
MD5
ba5a47d4e49962b3da2de7b0d5e3faaf
-
SHA1
5b9feefa22eb45c4d01e2ce171b41b592a0dfb80
-
SHA256
629e30cc69fe1ca778129569caab2b88e3f6f11d962cba9709b708b1161d4c08
-
SHA512
f8bf09c5ffdeac622916f4b1f1ba74c6acb373e2ab0e16d115573f91a1b913c06543535241e1679d2cdd924263296f0c10761b03fa66ae39f321a11fc15dda91
-
SSDEEP
24576:rw0IcVP0Sta1aXrQstF33XWALu4v0cuYyHG:kY0BkXrfnGkuNxG
Malware Config
Targets
-
-
Target
Wave Browser_1e3lrpoh_.exe
-
Size
933KB
-
MD5
0ba8624751a1bf840c47ba2533e28be1
-
SHA1
e71af61818b4af6e7133da4a05c625351fc3dc26
-
SHA256
aeb9d413a9ff4b4e4b98a238484120e8a61b3eedc5bd12a6a1435d8be5874e44
-
SHA512
7419476f4e1a419b003aa8588d7e9611171189dc88df72eb0044b85364fc305244c8a2cf0fe2ba9baaa98f7425327d618d62e5a2f16ff593a90806d53828df98
-
SSDEEP
24576:pL1xSce4Ld2DfO43kBI4D/ahIYgY6vfNPfU6y/LhSib:kz4LduO43AIBKpXvfRfIb
Score10/10-
Kinsing
Kinsing is a loader written in Golang.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-