MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4871a6de5ad98ba04f4e3180dcb21ed7d649f5ee74c086aac859005f09952520. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 4871a6de5ad98ba04f4e3180dcb21ed7d649f5ee74c086aac859005f09952520
SHA3-384 hash: 4a298bd9353daa9508f2f9e845421fe4f753a7340d5d11cbcecf036881de896ed449755d0665ddf3bafaa4a29df7b08d
SHA1 hash: 9f278dba9bced2e579e6b565951fb0410555afc9
MD5 hash: b3edd03e637283abd1f82d979a4cc544
humanhash: utah-blossom-burger-grey
File name: kins_2.0.9.14.vir
Signature: KINS
File size: 183'808 bytes
First seen: 2020-07-19 19:48:21 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 18d091b7eb620fb06219d71e5f6bd385
ssdeep: 1536:AjY5R5hFsAW3XNg7T4r3/Y4Zubi1q/71w0srAPw:J9hFs139gn4w8+2qT1rHP
TLSH: A004F17B29E552B3C9C216B168D7993CFF306A5077E4CB59D712036E8A76B83B40E80D
Reporter: @tildedennis
Tags: kins


Twitter
@tildedennis
kins version 2.0.9.14

Intelligence


File Origin
# of uploads: 1
# of downloads: 32
Origin country: FR

Mail intelligence
No data

Vendor Threat Intelligence
Detection(s):

Result
Verdict: Malware
Maliciousness:
Behaviour:
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data

Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2012-01-27 20:24:00 UTC
AV detection: 23 of 25 (92.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: evasion
Behaviour:
Identifies Wine through registry keys

Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.
