General
-
Target
kins_2.0.11.0.vir
-
Size
595KB
-
Sample
200719-6kc4hvd4b2
-
MD5
c1784500884254d8f7659b545963ed3b
-
SHA1
84786ce781524f66f075d52f4700fd46f862c5d8
-
SHA256
0c780ce6cb4281a12cf329e18bdf36b987e34dd15379a4c2f6f8e03ba56e13be
-
SHA512
580d17052b98ca86d9a507f11cfaf9b445fea33e8aae38ee6820552ef3b35d5855b2ab2d5099ee1f344e7a0425d734d5a47703ee01fbabef9405d1b613b7bd41
Static task
static1
Behavioral task
behavioral1
Sample
kins_2.0.11.0.vir.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
kins_2.0.11.0.vir.exe
Resource
win10
Malware Config
Targets
Score
8/10
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-