General
-
Target
kinsing
-
Size
5.7MB
-
Sample
241020-sltr6swgrn
-
MD5
b3039abf2ad5202f4a9363b418002351
-
SHA1
0ceb8ffb0be23b808b534d744440f4367e17b9c5
-
SHA256
787e2c94e6d9ce5ec01f5cbe9ee2518431eca8523155526d6dc85934c9c5787c
-
SHA512
8b1a1003a021d0f69b9295f496bf550932ce85b096ca7057632756348da1354c2b104ff36e901b27def030b79749c8fc7f54163d6195e5e0cb9b357353ee654e
-
SSDEEP
49152:wCe/ydXZSrb/TJvO90dL3BmAFd4A64nsfJvaWi9sglz/KbwLjFfiawr1eAOkzDIK:3eidO9suPF+NL4FiBnIrb3rE
Malware Config
Targets
-
-
Target
kinsing
-
Size
5.7MB
-
MD5
b3039abf2ad5202f4a9363b418002351
-
SHA1
0ceb8ffb0be23b808b534d744440f4367e17b9c5
-
SHA256
787e2c94e6d9ce5ec01f5cbe9ee2518431eca8523155526d6dc85934c9c5787c
-
SHA512
8b1a1003a021d0f69b9295f496bf550932ce85b096ca7057632756348da1354c2b104ff36e901b27def030b79749c8fc7f54163d6195e5e0cb9b357353ee654e
-
SSDEEP
49152:wCe/ydXZSrb/TJvO90dL3BmAFd4A64nsfJvaWi9sglz/KbwLjFfiawr1eAOkzDIK:3eidO9suPF+NL4FiBnIrb3rE
-
XMRig Miner payload
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Checks hardware identifiers (DMI)
Checks DMI information which indicate if the system is a virtual machine.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads hardware information
Accesses system info like serial numbers, manufacturer names etc.
-
Reads list of loaded kernel modules
Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
3System Checks
2