Overview

overview

10

Static

static

3

75046532a0...66.exe

windows7-x64

10

75046532a0...66.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    75046532a0f55ef469b1025194407966

  • Size

    673KB

  • Sample

    240125-vdthjsbhdr

  • MD5

    75046532a0f55ef469b1025194407966

  • SHA1

    689c5925d2dd3c58f01bd0578f618c4cd4b9f4c7

  • SHA256

    ba43722aeceafc5bd77177ab973b10b60b48ec88a49381c2019dd08c606b661e

  • SHA512

    98324e956268fc9672825a80b15147328130824d8c32ea9c45e645f675d82559d85109361e5594d53f8d1b5211377be75679ecf46f4e564491783e2be10b3801

  • SSDEEP

    12288:UZWtI6RkIkureZJys73dOvXDpNjNe8TOB0J9ggKF1mDaz+Wut:UuhaITeZJ8NI8TOzFUDaz+H

Score
10/10
kinsingevasionloaderpersistence

Malware Config

Targets

    • Target

      75046532a0f55ef469b1025194407966

    • Size

      673KB

    • MD5

      75046532a0f55ef469b1025194407966

    • SHA1

      689c5925d2dd3c58f01bd0578f618c4cd4b9f4c7

    • SHA256

      ba43722aeceafc5bd77177ab973b10b60b48ec88a49381c2019dd08c606b661e

    • SHA512

      98324e956268fc9672825a80b15147328130824d8c32ea9c45e645f675d82559d85109361e5594d53f8d1b5211377be75679ecf46f4e564491783e2be10b3801

    • SSDEEP

      12288:UZWtI6RkIkureZJys73dOvXDpNjNe8TOB0J9ggKF1mDaz+Wut:UuhaITeZJ8NI8TOzFUDaz+H

    Score
    10/10
    evasionpersistencekinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Modifies visibility of file extensions in Explorer

      evasion

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

      evasion

    • Sets file execution options in registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks