MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b19f6698a91cc818c14952c74e99db302c229d1f868d144f9344f83d9ecf6825. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



KINS


Vendor detections: 6



SHA256 hash: b19f6698a91cc818c14952c74e99db302c229d1f868d144f9344f83d9ecf6825
SHA3-384 hash: 60bbb237397e06a9341c5bfa44fe0138b0f29e648c6e2b6487bafa1590df890ed75eba2799c3478bb03f6d771d14b86b
SHA1 hash: c4864e43a9d8e42a742d031e205eaa63dd7df77c
MD5 hash: 3eaadae16c69e14384412a2ffd687217
humanhash: quebec-carolina-tennis-autumn
File name: kins_2.0.9.15.vir
Signature: KINS
File size: 208'384 bytes
First seen: 2020-07-19 19:47:57 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 15751466f7d80dbf474e01008b45b61f (1 x KINS)
ssdeep: 3072:nUa8BZhUSWQsMVSg2AP1ERIrUoIMF3B1g0Qw7xYJdm9Z79BiL3Z9SQDQf5KGJ4:iOZ5K1rFx1g1exOmNifL8PJ
Threatray: 29 similar samples on MalwareBazaar
TLSH: 081412B03F741F15E47E4532996691A87E4479917E0167E9E8BD1ACE2EB02A430232FB
Reporter: tildedennis
Tags: kins


tildedennis
kins version 2.0.9.15

Intelligence


File Origin
# of uploads: 1
# of downloads: 114
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2013-06-19 23:12:00 UTC
AV detection: 22 of 25 (88.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of SetThreadContext
Adds Run key to start application
Deletes itself
Loads dropped DLL
Identifies Wine through registry keys
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments