General

  • Target

    kins_1.0.0.5.vir

  • Size

    229KB

  • Sample

    200719-d7kc4r4mrx

  • MD5

    0f4caba1b0ae76af2af97b8bc14f8449

  • SHA1

    01b8298143c3710707d792f9c5865e923997ec7f

  • SHA256

    5b892ce9a266715a38a7d46284582d2821f630d24a38db350795eab5da951c42

  • SHA512

    16f3839ce7277ed7289da9d8f694e190eefae882106c6595e86d469ca6b40c8e6b035a4f814f90577ef95b122111b2180d736365876043f77885818d428c6481

Malware Config

Targets

    • Target

      kins_1.0.0.5.vir

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    System Information Discovery (T1082): 1
