General

  • Target

    2024-01-25_3489dda3478cb34b4024cd4376e0c9c8_cryptolocker

  • Size

    59KB

  • Sample

    240125-wdj5jschhr

  • MD5

    3489dda3478cb34b4024cd4376e0c9c8

  • SHA1

    df5e26acfbb1fa0d1fa4a49593a578d393c18688

  • SHA256

    43df89f3436e4539a5ec30aada203fa03c7897877c27b18eab987f056fcb039b

  • SHA512

    10f900511459e90f6b63130b293ed0ae09b20f573b3cb3c408edd114c4d3a6e20f3dc9e793dfccf047e5a46f85a003a78ff78133e2e14a42965f0399bb1e18b8

  • SSDEEP

    1536:z6QFElP6n+gKmddpMOtEvwDpj9aYaFAuz:z6a+CdOOtEvwDpjQR

Score
10/10

Malware Config

Targets

    • Kinsing

      Kinsing is a loader written in Golang.

    • Detection of CryptoLocker Variants

    • Detection of Cryptolocker Samples

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks