Overview

overview

10

Static

static

3

7515f014c5...a7.exe

windows7-x64

7

7515f014c5...a7.exe

windows10-2004-x64

10

$PLUGINSDI...on.dll

windows7-x64

3

$PLUGINSDI...on.dll

windows10-2004-x64

10

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

10

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

10

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

10

$TEMP/ea93...LR.exe

windows7-x64

7

$TEMP/ea93...LR.exe

windows10-2004-x64

10

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

10

$TEMP/ea93...R0.exe

windows7-x64

7

$TEMP/ea93...R0.exe

windows10-2004-x64

10

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

10

$TEMP/ea93...R1.exe

windows7-x64

7

$TEMP/ea93...R1.exe

windows10-2004-x64

10

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

10

$TEMP/ea93...R2.exe

windows7-x64

7

$TEMP/ea93...R2.exe

windows10-2004-x64

10

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

10

$TEMP/ea93...UB.exe

windows7-x64

7

$TEMP/ea93...UB.exe

windows10-2004-x64

10

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

10

$TEMP/ea93...er.exe

windows7-x64

1

$TEMP/ea93...er.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7515f014c5d02671537ab656201d44a7

  • Size

    492KB

  • Sample

    240125-vy2pnabeh9

  • MD5

    7515f014c5d02671537ab656201d44a7

  • SHA1

    b01dc81ea2887260e40904f4f6a49279385e5071

  • SHA256

    25f6112ec52a8c04548bc8ad085f67015d163ced3551426783ce38bde20ded99

  • SHA512

    3a6f9eccad5302953e4a8c3c80e6a5c8adc5a8181e6c48103c547a66183444a87fb4a2b84dc2c1d18bc02d9b6c3688da1bbe7141f2af94c5c31f2c15e428b1ee

  • SSDEEP

    6144:/uk4fqjZSQqF6jtY03ZgLpp6TURimpBwXVUTL7E97IkXQxBRUoz0JehYvH7Aw0v9:J4fwC6peEUBwXVwM9vylzdYvH7AwC

Score
10/10
kinsingdiscoveryloader

Malware Config

Targets

    • Target

      7515f014c5d02671537ab656201d44a7

    • Size

      492KB

    • MD5

      7515f014c5d02671537ab656201d44a7

    • SHA1

      b01dc81ea2887260e40904f4f6a49279385e5071

    • SHA256

      25f6112ec52a8c04548bc8ad085f67015d163ced3551426783ce38bde20ded99

    • SHA512

      3a6f9eccad5302953e4a8c3c80e6a5c8adc5a8181e6c48103c547a66183444a87fb4a2b84dc2c1d18bc02d9b6c3688da1bbe7141f2af94c5c31f2c15e428b1ee

    • SSDEEP

      6144:/uk4fqjZSQqF6jtY03ZgLpp6TURimpBwXVUTL7E97IkXQxBRUoz0JehYvH7Aw0v9:J4fwC6peEUBwXVwM9vylzdYvH7AwC

    Score
    10/10
    discoverykinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Executes dropped EXE

    • Loads dropped DLL

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/GetVersion.dll

    • Size

      9KB

    • MD5

      225f776172f1baccd2721a6e5d512b36

    • SHA1

      2dbbc86f7b0285682880a627b56a75de09f4bed6

    • SHA256

      ecfcbe30f5b248673f9cbebb734b9981ed14b06380ea787c563d67b30e2d069e

    • SHA512

      4b99a5ac68122501a5913cf54bd3ae99d851d57656b0e136980122739cceef739fa2d5ea097f2442068b9489a4c25ea0884653c41d85f27f25996792bf6c21bb

    • SSDEEP

      192:MMr/9XGqK7s/AlHdJZBi46AQ5VuNxHA8/:MsXGqM93Bi46AQ5Vujg8/

    Score
    10/10
    kinsingloader
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      82KB

    • MD5

      cb1facc94ddb9f50fcfc176444d01063

    • SHA1

      3ddd287a0aa1e376b9b200ee546c3b68f1e48ec7

    • SHA256

      740889b170366dd60b93e0f381bc885be2a0591ea8905e48f9bd9830cb266436

    • SHA512

      5bd93e8e45b35c8d89040d01756a71890c1e8bd60b71e9945e8ccdd55e327816b596c03ea2222acee9c5f5edef85e5167403f4735e9303bfed8bfa739831d464

    • SSDEEP

      1536:nKHghY8sc+h3f3A9yBZgqCZMEeVDaDUg566Xo:KHghnsb7uCVGUg5jo

    Score
    10/10
    kinsingloader
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/Processes.dll

    • Size

      35KB

    • MD5

      2cfba79d485cf441c646dd40d82490fc

    • SHA1

      83e51ac1115a50986ed456bd18729653018b9619

    • SHA256

      86b302fa9c85dfa0c1c03ba000864a928365dab571f3355347dba02da22949b7

    • SHA512

      cca186a7f9c5cff3f4eca410fbe8cc13dad2514a7e36aec9b1addfbcb239ace9b9b2d8427771858e3fd11783abce7e24d43c286f98da9f8b17562ca095a4c043

    • SSDEEP

      768:uxEiycFoaj/+WSiJfmjvab7L/cUf7IIlMLRF:uxEm7sgfmjy//cgdlM/

    Score
    10/10
    kinsingloader
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      9KB

    • MD5

      dad21928213e804133c6eed2b5402dbc

    • SHA1

      82fa0fe67dc55e22e2289800b2fca34bf59762d6

    • SHA256

      5f80c7ba031f546b69bd57071bdb5334760cde5afc43fe8271b9e6a3204ef390

    • SHA512

      8e8428f1bd5a81a447f8b892215d09d5695b1fcc9eb5bf0d9771a6989750feaa5957966fb444a24d78cf51ebb783d615348337e44b884c2e5d5f63d80551c9f3

    • SSDEEP

      192:lkhF3tTTxsMRRuWDxvsiwDc4veSQ4b95Q4huV+:lqFh9LRR7Z/oPX5QIuV+

    Score
    10/10
    kinsingloader
    behavioral10behavioral9

    • Target

      $TEMP/ea93f84f71645868ae95750ec74c6cae/downloaderDDLR.exe

    • Size

      58KB

    • MD5

      c7f6ed56312c8fbb58ae6ed445c38df4

    • SHA1

      e2dba94ef052db774478b9f7198c1a2298b334e5

    • SHA256

      fdb8452173a4f116f6e362ab5466c3c16bf6697502fe3d01db0d82f0e339de24

    • SHA512

      ac43e5bb31c3c0876a7768553916cce76d92088e62594e8463b128a0d6e587c48152a5efcf0b2a5e8fb43028d46913df114ae3c3750b7e6c4212c7044518ba43

    • SSDEEP

      1536:tLXB65939tY6HBg4sXJhweErCi/S8qcy4PLv:tLk395hYXJh0C6jy4z

    Score
    10/10
    kinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Loads dropped DLL

    behavioral11behavioral12

    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      a5f8399a743ab7f9c88c645c35b1ebb5

    • SHA1

      168f3c158913b0367bf79fa413357fbe97018191

    • SHA256

      dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    • SHA512

      824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    • SSDEEP

      192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go

    Score
    10/10
    kinsingloader
    behavioral13behavioral14

    • Target

      $TEMP/ea93f84f71645868ae95750ec74c6cae/downloaderOFFER0.exe

    • Size

      58KB

    • MD5

      c7f6ed56312c8fbb58ae6ed445c38df4

    • SHA1

      e2dba94ef052db774478b9f7198c1a2298b334e5

    • SHA256

      fdb8452173a4f116f6e362ab5466c3c16bf6697502fe3d01db0d82f0e339de24

    • SHA512

      ac43e5bb31c3c0876a7768553916cce76d92088e62594e8463b128a0d6e587c48152a5efcf0b2a5e8fb43028d46913df114ae3c3750b7e6c4212c7044518ba43

    • SSDEEP

      1536:tLXB65939tY6HBg4sXJhweErCi/S8qcy4PLv:tLk395hYXJh0C6jy4z

    Score
    10/10
    kinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Loads dropped DLL

    behavioral15behavioral16

    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      a5f8399a743ab7f9c88c645c35b1ebb5

    • SHA1

      168f3c158913b0367bf79fa413357fbe97018191

    • SHA256

      dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    • SHA512

      824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    • SSDEEP

      192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go

    Score
    10/10
    kinsingloader
    behavioral17behavioral18

    • Target

      $TEMP/ea93f84f71645868ae95750ec74c6cae/downloaderOFFER1.exe

    • Size

      58KB

    • MD5

      c7f6ed56312c8fbb58ae6ed445c38df4

    • SHA1

      e2dba94ef052db774478b9f7198c1a2298b334e5

    • SHA256

      fdb8452173a4f116f6e362ab5466c3c16bf6697502fe3d01db0d82f0e339de24

    • SHA512

      ac43e5bb31c3c0876a7768553916cce76d92088e62594e8463b128a0d6e587c48152a5efcf0b2a5e8fb43028d46913df114ae3c3750b7e6c4212c7044518ba43

    • SSDEEP

      1536:tLXB65939tY6HBg4sXJhweErCi/S8qcy4PLv:tLk395hYXJh0C6jy4z

    Score
    10/10
    kinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Loads dropped DLL

    behavioral19behavioral20

    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      a5f8399a743ab7f9c88c645c35b1ebb5

    • SHA1

      168f3c158913b0367bf79fa413357fbe97018191

    • SHA256

      dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    • SHA512

      824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    • SSDEEP

      192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go

    Score
    10/10
    kinsingloader
    behavioral21behavioral22

    • Target

      $TEMP/ea93f84f71645868ae95750ec74c6cae/downloaderOFFER2.exe

    • Size

      58KB

    • MD5

      c7f6ed56312c8fbb58ae6ed445c38df4

    • SHA1

      e2dba94ef052db774478b9f7198c1a2298b334e5

    • SHA256

      fdb8452173a4f116f6e362ab5466c3c16bf6697502fe3d01db0d82f0e339de24

    • SHA512

      ac43e5bb31c3c0876a7768553916cce76d92088e62594e8463b128a0d6e587c48152a5efcf0b2a5e8fb43028d46913df114ae3c3750b7e6c4212c7044518ba43

    • SSDEEP

      1536:tLXB65939tY6HBg4sXJhweErCi/S8qcy4PLv:tLk395hYXJh0C6jy4z

    Score
    10/10
    kinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Loads dropped DLL

    behavioral23behavioral24

    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      a5f8399a743ab7f9c88c645c35b1ebb5

    • SHA1

      168f3c158913b0367bf79fa413357fbe97018191

    • SHA256

      dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    • SHA512

      824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    • SSDEEP

      192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go

    Score
    10/10
    kinsingloader
    behavioral25behavioral26

    • Target

      $TEMP/ea93f84f71645868ae95750ec74c6cae/downloaderSTUB.exe

    • Size

      58KB

    • MD5

      c7f6ed56312c8fbb58ae6ed445c38df4

    • SHA1

      e2dba94ef052db774478b9f7198c1a2298b334e5

    • SHA256

      fdb8452173a4f116f6e362ab5466c3c16bf6697502fe3d01db0d82f0e339de24

    • SHA512

      ac43e5bb31c3c0876a7768553916cce76d92088e62594e8463b128a0d6e587c48152a5efcf0b2a5e8fb43028d46913df114ae3c3750b7e6c4212c7044518ba43

    • SSDEEP

      1536:tLXB65939tY6HBg4sXJhweErCi/S8qcy4PLv:tLk395hYXJh0C6jy4z

    Score
    10/10
    kinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Loads dropped DLL

    behavioral27behavioral28

    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      a5f8399a743ab7f9c88c645c35b1ebb5

    • SHA1

      168f3c158913b0367bf79fa413357fbe97018191

    • SHA256

      dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    • SHA512

      824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    • SSDEEP

      192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go

    Score
    10/10
    kinsingloader
    behavioral29behavioral30

    • Target

      $TEMP/ea93f84f71645868ae95750ec74c6cae/preinstaller.exe

    • Size

      213KB

    • MD5

      06baef00ae0f0e42fc5fea24fc4eac42

    • SHA1

      9161574590f09cfe4c24498827386ed57f2e8c58

    • SHA256

      19460c3c1b450286c68fba77086c561e740374ae5c44213dd2ec22dc52a430b8

    • SHA512

      29431ff9f16fdd4122a10dfec0f260a4397e776daae2ef17defae71e037f082d48d186a24d229c408c9d1b0b4f02aaeaa69011e44cf399795f9c09903ac51486

    • SSDEEP

      6144:f03ZgLpp6TURimpBwXVUTL7E97IkXQxBRUoz0JehYvq:ZEUBwXVwM9vylzdYvq

    Score
    10/10
    kinsingloader
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery
Score
7/10

behavioral2

kinsingloader
Score
10/10

behavioral3

Score
3/10

behavioral4

kinsingloader
Score
10/10

behavioral5

Score
3/10

behavioral6

kinsingloader
Score
10/10

behavioral7

Score
3/10

behavioral8

kinsingloader
Score
10/10

behavioral9

Score
3/10

behavioral10

kinsingloader
Score
10/10

behavioral11

Score
7/10

behavioral12

kinsingloader
Score
10/10

behavioral13

Score
3/10

behavioral14

kinsingloader
Score
10/10

behavioral15

Score
7/10

behavioral16

kinsingloader
Score
10/10

behavioral17

Score
3/10

behavioral18

kinsingloader
Score
10/10

behavioral19

Score
7/10

behavioral20

kinsingloader
Score
10/10

behavioral21

Score
3/10

behavioral22

kinsingloader
Score
10/10

behavioral23

Score
7/10

behavioral24

kinsingloader
Score
10/10

behavioral25

Score
3/10

behavioral26

kinsingloader
Score
10/10

behavioral27

Score
7/10

behavioral28

kinsingloader
Score
10/10

behavioral29

Score
3/10

behavioral30

kinsingloader
Score
10/10

behavioral31

Score
1/10

behavioral32

kinsingloader
Score
10/10