Overview

overview

10

Static

static

7

75200e77fb...f1.exe

windows7-x64

8

75200e77fb...f1.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    75200e77fbdd79b413d51974e55051f1

  • Size

    10KB

  • Sample

    240125-wbb16achcr

  • MD5

    75200e77fbdd79b413d51974e55051f1

  • SHA1

    7286e784b8e3326a1a632466af3a7155772509c6

  • SHA256

    039cf530dca66ff431f96f937d88084af001b44ed504ca0458c699a42d89422b

  • SHA512

    04efdf17b8a454d27d6ad3147aacf04e8bc27b1f45bc7c789fb4650a13c2ac29b3cd8faded3122752a6e17106735c542523fbbb4ce902237567cbc1cd64aef42

  • SSDEEP

    192:DIysA/4ZJDPuuxDQNQ2spwlqZif/R/J9a+GGzDR3dD+l2+D2Dg+:DIysAwZJWNNvVqZkRjNDDxdD+lBD2s+

Score
10/10
kinsingloaderpersistenceupx

Malware Config

Targets

    • Target

      75200e77fbdd79b413d51974e55051f1

    • Size

      10KB

    • MD5

      75200e77fbdd79b413d51974e55051f1

    • SHA1

      7286e784b8e3326a1a632466af3a7155772509c6

    • SHA256

      039cf530dca66ff431f96f937d88084af001b44ed504ca0458c699a42d89422b

    • SHA512

      04efdf17b8a454d27d6ad3147aacf04e8bc27b1f45bc7c789fb4650a13c2ac29b3cd8faded3122752a6e17106735c542523fbbb4ce902237567cbc1cd64aef42

    • SSDEEP

      192:DIysA/4ZJDPuuxDQNQ2spwlqZif/R/J9a+GGzDR3dD+l2+D2Dg+:DIysAwZJWNNvVqZkRjNDDxdD+lBD2s+

    Score
    10/10
    persistenceupxkinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Modifies AppInit DLL entries

      persistence

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks