kinsing | bde72889e6726e74c922375df348762679081c38c2e60a34481635a4cdaa76cc | Triage

Submit
Reports

Overview

overview

Static

static

7

75119fe9f8...ab.exe

windows7-x64

9

75119fe9f8...ab.exe

windows10-2004-x64

Sharing

General

Target

75119fe9f878feee28e29601e9fbe6ab
Size

9.0MB
Sample

240125-vs8wsacchp
MD5

75119fe9f878feee28e29601e9fbe6ab
SHA1

24a48b0309a58f226fc54206cc1c37b16085ad02
SHA256

bde72889e6726e74c922375df348762679081c38c2e60a34481635a4cdaa76cc
SHA512

3dc098c95f9abbbee4ae4a49221da51592ab791f073a860d21f0c45bb584a95e9dd6b106742996dbeea7ed75f2d691271839909963f25877bed7406639cf2fd6
SSDEEP

196608:jFdhCokh2aPWzqHcveCucAgb6lPkJBw2x25Ejp:jFdhVSW+iejcAs6lMJ62g5k

Score

10^/10

kinsing evasion loader themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

75119fe9f878feee28e29601e9fbe6ab.exe

Resource

win7-20231129-en

evasion themida trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

75119fe9f878feee28e29601e9fbe6ab.exe

Resource

win10v2004-20231222-en

kinsing evasion loader themida trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  75119fe9f878feee28e29601e9fbe6ab
- Size
  
  9.0MB
- MD5
  
  75119fe9f878feee28e29601e9fbe6ab
- SHA1
  
  24a48b0309a58f226fc54206cc1c37b16085ad02
- SHA256
  
  bde72889e6726e74c922375df348762679081c38c2e60a34481635a4cdaa76cc
- SHA512
  
  3dc098c95f9abbbee4ae4a49221da51592ab791f073a860d21f0c45bb584a95e9dd6b106742996dbeea7ed75f2d691271839909963f25877bed7406639cf2fd6
- SSDEEP
  
  196608:jFdhCokh2aPWzqHcveCucAgb6lPkJBw2x25Ejp:jFdhVSW+iejcAs6lMJ62g5k
Score

10^/10

evasion themida trojan kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

kinsingevasionloaderthemidatrojan

© 2018-2024

Terms | Privacy