Overview

overview

10

Static

static

3

7507f45ff8...56.exe

windows7-x64

10

7507f45ff8...56.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7507f45ff8c48e362bf6a3a405f66d56

  • Size

    877KB

  • Sample

    240125-vg9nyabbc8

  • MD5

    7507f45ff8c48e362bf6a3a405f66d56

  • SHA1

    c0a0fcaa53087e19af14385d50b66d3fe52fdac7

  • SHA256

    6b9396f8912fe692f2064622c5bedbec1cb64eb00a23e0352f99c4732a67ba5b

  • SHA512

    88a19324901da6c3889c9e706dcffe76bf6cefad05b85e1efa45d130c33bccc24044a35cb3f7f8e510d6bc7b8f4d194358a9481d6632952d0ab1c9ce042b1cff

  • SSDEEP

    6144:UZfec9EbXDk6RklKI/UOPSe570Szp3Znmy+g4g/UOPSe570Szp3sGFrQZb++tdsY:UZWtI6RkeOB06UOB03erQZb+md4w1UM

Score
10/10
kinsingevasionloaderpersistence

Malware Config

Targets

    • Target

      7507f45ff8c48e362bf6a3a405f66d56

    • Size

      877KB

    • MD5

      7507f45ff8c48e362bf6a3a405f66d56

    • SHA1

      c0a0fcaa53087e19af14385d50b66d3fe52fdac7

    • SHA256

      6b9396f8912fe692f2064622c5bedbec1cb64eb00a23e0352f99c4732a67ba5b

    • SHA512

      88a19324901da6c3889c9e706dcffe76bf6cefad05b85e1efa45d130c33bccc24044a35cb3f7f8e510d6bc7b8f4d194358a9481d6632952d0ab1c9ce042b1cff

    • SSDEEP

      6144:UZfec9EbXDk6RklKI/UOPSe570Szp3Znmy+g4g/UOPSe570Szp3sGFrQZb++tdsY:UZWtI6RkeOB06UOB03erQZb+md4w1UM

    Score
    10/10
    evasionpersistencekinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Modifies visibility of file extensions in Explorer

      evasion

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

      evasion

    • Sets file execution options in registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks