b19f6698a91cc818c14952c74e99db302c229d1f868d144f9344f83d9ecf6825 | Triage

Sharing

General

Target

kins_2.0.9.15.vir
Size

203KB
Sample

200719-6rq2ped5lx
MD5

3eaadae16c69e14384412a2ffd687217
SHA1

c4864e43a9d8e42a742d031e205eaa63dd7df77c
SHA256

b19f6698a91cc818c14952c74e99db302c229d1f868d144f9344f83d9ecf6825
SHA512

a08ff272db05c5dd896da24500fceaad7284cf1c5b0328aa293d740fb1c2fe122be9eb3b141801053fdbae370a0ef5e5011435c413b1f88cd56a6b838bc98b19

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  kins_2.0.9.15.vir
- Size
  
  203KB
- MD5
  
  3eaadae16c69e14384412a2ffd687217
- SHA1
  
  c4864e43a9d8e42a742d031e205eaa63dd7df77c
- SHA256
  
  b19f6698a91cc818c14952c74e99db302c229d1f868d144f9344f83d9ecf6825
- SHA512
  
  a08ff272db05c5dd896da24500fceaad7284cf1c5b0328aa293d740fb1c2fe122be9eb3b141801053fdbae370a0ef5e5011435c413b1f88cd56a6b838bc98b19
Score

8^/10

evasion persistence
- Executes dropped EXE
- Deletes itself
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2