MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b19f6698a91cc818c14952c74e99db302c229d1f868d144f9344f83d9ecf6825. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: b19f6698a91cc818c14952c74e99db302c229d1f868d144f9344f83d9ecf6825
SHA3-384 hash: 60bbb237397e06a9341c5bfa44fe0138b0f29e648c6e2b6487bafa1590df890ed75eba2799c3478bb03f6d771d14b86b
SHA1 hash: c4864e43a9d8e42a742d031e205eaa63dd7df77c
MD5 hash: 3eaadae16c69e14384412a2ffd687217
humanhash: quebec-carolina-tennis-autumn
File name:kins_2.0.9.15.vir
Download: download sample
Signature KINS
File size:208'384 bytes
First seen:2020-07-19 19:47:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 15751466f7d80dbf474e01008b45b61f
ssdeep 3072:nUa8BZhUSWQsMVSg2AP1ERIrUoIMF3B1g0Qw7xYJdm9Z79BiL3Z9SQDQf5KGJ4:iOZ5K1rFx1g1exOmNifL8PJ
TLSH 081412B03F741F15E47E4532996691A87E4479917E0167E9E8BD1ACE2EB02A430232FB
Reporter @tildedennis
Tags:kins


Twitter
@tildedennis
kins version 2.0.9.15

Intelligence


File Origin
# of uploads :
1
# of downloads :
34
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Zbot
Status:
Malicious
First seen:
2013-06-19 23:12:00 UTC
AV detection:
22 of 25 (88.00%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of SetThreadContext
Adds Run key to start application
Deletes itself
Loads dropped DLL
Identifies Wine through registry keys
Executes dropped EXE
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments