Overview

overview

10

Static

static

3

7507fe5220...66.exe

windows7-x64

10

7507fe5220...66.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7507fe5220eb790cde2d3bac05a7a866

  • Size

    180KB

  • Sample

    240125-vha7rscadl

  • MD5

    7507fe5220eb790cde2d3bac05a7a866

  • SHA1

    938013c1286921e5bc62df878c459f1d23ccef3d

  • SHA256

    b348f53510d3561dff1105806dd185646d2c92f714e5bbe82b3ac270b199a10c

  • SHA512

    f71c7f5edfb9605a046da2951da5a6d9f5f6503ffc86f192e3a4818a8a1f36ea117a23a8a88f68637cb812aa24569c9602e85e9ec4180e7b3670c67e125cdb8e

  • SSDEEP

    1536:e/TX5TfjxKcbNMreYNFRxxGLvTLpKNDf880IpWur+uRPFYSUxBphF+wXP:6pTjKRabfgNkSrJRVUHF++

Score
10/10
kinsingevasionloaderpersistence

Malware Config

Targets

    • Target

      7507fe5220eb790cde2d3bac05a7a866

    • Size

      180KB

    • MD5

      7507fe5220eb790cde2d3bac05a7a866

    • SHA1

      938013c1286921e5bc62df878c459f1d23ccef3d

    • SHA256

      b348f53510d3561dff1105806dd185646d2c92f714e5bbe82b3ac270b199a10c

    • SHA512

      f71c7f5edfb9605a046da2951da5a6d9f5f6503ffc86f192e3a4818a8a1f36ea117a23a8a88f68637cb812aa24569c9602e85e9ec4180e7b3670c67e125cdb8e

    • SSDEEP

      1536:e/TX5TfjxKcbNMreYNFRxxGLvTLpKNDf880IpWur+uRPFYSUxBphF+wXP:6pTjKRabfgNkSrJRVUHF++

    Score
    10/10
    evasionpersistencekinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks