MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b892ce9a266715a38a7d46284582d2821f630d24a38db350795eab5da951c42. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 5b892ce9a266715a38a7d46284582d2821f630d24a38db350795eab5da951c42
SHA3-384 hash: c37aa0ac7474587504e62bf15f695acfcada0e5867f3589b63d9572a67d5e3224f3b9103365655518b9eccc5a2b5e685
SHA1 hash: 01b8298143c3710707d792f9c5865e923997ec7f
MD5 hash: 0f4caba1b0ae76af2af97b8bc14f8449
humanhash: wisconsin-virginia-oven-tennis
File name: kins_1.0.0.5.vir
Signature: KINS
File size: 234'856 bytes
First seen: 2020-07-19 19:44:04 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 910b50472af191ff6e4a4de2a5d18c08
ssdeep: 6144:GanBPUQnZjYeV7LkZhMsl7fPUgMB2wLA9X:kCtd3kZhM+XUsQAh
TLSH: F634126B599591E3E4028BB07D3FA989E2B5B8775F6D40460B82EC0F2E74790E13D11F
Reporter: @tildedennis
Tags: kins


Twitter (@tildedennis): kins version 1.0.0.5

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 28
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour:
  Creating a window
  Unauthorized injection to a recently created process
  Connection attempt to an infection source

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 100 / 100
Behaviour
Behavior Graph:
  Behavior Graph ID: 247482
  Sample: kins_1.0.0.5.vir
  Startdate: 20/07/2020
  Architecture: WINDOWS
  Score: 100
  Signatures on the submitted sample:
    Antivirus / Scanner detection for submitted sample
    Multi AV Scanner detection for submitted file
    Machine Learning detection for sample
    Sigma detected: Suspicious Svchost Process
  Process tree:
    kins_1.0.0.5.exe (started)
      DNS/IP: 1.0.0.5 CLOUDFLARENETUS Australia
      Signatures: Detected unpacking (changes PE section rights); Detected unpacking (overwrites its own PE header); Drops batch files with force delete cmd (self deletion); 4 other signatures
      kins_1.0.0.5.exe (started)
        Dropped files: C:\Users\user\AppData\Roaming\...\ywyn.exe (PE32); C:\Users\user\AppData\...\tmp6eae7188.bat (DOS)
        ywyn.exe (started)
          Signatures: Antivirus detection for dropped file; Detected unpacking (changes PE section rights); Detected unpacking (overwrites its own PE header); 4 other signatures
          ywyn.exe (started)
            Signatures: Injects code into the Windows Explorer (explorer.exe); Writes to foreign memory regions; Allocates memory in foreign processes; 2 other signatures
            svchost.exe (injected)
              DNS/IP: 92.123.29.59, 443, 49723 AKAMAI-ASUS European Union; 92.123.7.210, 49722, 80 AKAMAI-ASUS European Union
            explorer.exe (started)
            lupZcCIaYzjITGHf.exe (injected)
            17 other processes
        cmd.exe (started)
          conhost.exe (started)
Result
Threat name: Win32.Trojan.Mint
Status: Malicious
First seen: 2015-02-16 12:48:00 UTC
AV detection: 28 of 31 (90.32%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
  Suspicious use of FindShellTrayWindow
  Suspicious behavior: EnumeratesProcesses
  NTFS ADS
  Suspicious use of SetWindowsHookEx
  Suspicious use of WriteProcessMemory
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of SendNotifyMessage
  Suspicious use of AdjustPrivilegeToken
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of SetWindowsHookEx
  Suspicious use of WriteProcessMemory
  Suspicious use of SetThreadContext
  Suspicious use of SetThreadContext
  Checks whether UAC is enabled
  Adds Run key to start application
  Loads dropped DLL
  Deletes itself
  Executes dropped EXE
  Executes dropped EXE
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments