kinsing | b324c53ae8b37753405563df1e4a0375758c9b9c2d9368ad807a6e8cda957c6a | Triage

Sharing

General

Target

neverlose_cr.rar
Size

644KB
Sample

240125-s28ahaagfn
MD5

30df88d0a67c5c4da32f4241cebe385d
SHA1

13414f6d93e80e73d4ef2f7be3b5ea98f9784a23
SHA256

b324c53ae8b37753405563df1e4a0375758c9b9c2d9368ad807a6e8cda957c6a
SHA512

92563d9362f1795b454d87d4c2bfd1dcff56dc3e367060ab4fbdf2739f245e31584ba6547f561fe5c494ad7bd150feab2c15c145f67bcee0c90c1917e0273bb0
SSDEEP

12288:LaWY1XaC1izww0BfZ2KlTfbTHghYmy4rcqpqMklQX9TQBJuhc0:S1qCczEBfZ2KlTHaYsuqSJuq0

Score

10^/10

kinsing redline @asasasassasassassas infostealer loader spyware stealer

Malware Config

Extracted

Family

redline

Botnet

@asasasassasassassas

C2

45.15.156.167:80

Targets

- Target
  
  nlinjector.exe
- Size
  
  733KB
- MD5
  
  16b814f5d97faeb7f388fa00626a6f5d
- SHA1
  
  f1ddab5c0553bcad26056d64e3037e7c5bc7391c
- SHA256
  
  c4dd5514c42110629dee90c23c5ec4186da39140dc23a952a57085687d6c6a71
- SHA512
  
  f811e92f263db7dba10b107d693e0c64afda509b8c9573f826b2931475dea91675e735bc4f60837b932782fedc2dabad5f31fe6533fec8c3dca24b1ec29504b3
- SSDEEP
  
  12288:Rh18k70TnvjcUxhzQKo6VxgCgxa5yT2owiJh2:uk70TrcUJfVxScyT2oweh
Score

10^/10

redline @asasasassasassassas infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  nvrls_build.dll
- Size
  
  483KB
- MD5
  
  638ca280bdafef22e9a93651cdcebf03
- SHA1
  
  1241eaba9b312fbc10c3fe4e3026de96ca46f958
- SHA256
  
  7b6a2db2e2b6d3b306754dbf6df7fb714aa53eefabf34d90ea4fb4484a31a596
- SHA512
  
  70d661b39a5ae7b84a97d8ecac2b3bdb3495bd96f16fe6c0563a4861eb38b67fe571cb43b7976806c73b930330f1139bc3c30d3e110dd21fa2563cad6a9b830c
- SSDEEP
  
  6144:k7zuPxGDdDpMYoCc4frmAtG6jAxSiRzKOOGNUlwoZlSbX2Oq0cW0nYjCSNxyCi5l:k7IgdDpz24fzGO+55zzVH0nZCS
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
behavioral3 behavioral4
- Target
  
  readme.txt
- Size
  
  559B
- MD5
  
  38c00bafca1039eedfab0fb4a0ee5428
- SHA1
  
  1af7bb5aef4038097aebe3c8c678ba98326d0af2
- SHA256
  
  d273195333cad57c9b94956ec678277872ab38f84d12f38d6305a635f487cd2d
- SHA512
  
  488a42c12c0e4fc8da3cce482af29546043c54298dea3ef2394dd61c29638c471baf47c4e287c36e940e4039b42cd30ce6842d781edcc4208266395b874a295f
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redline@asasasassasassassasinfostealerspywarestealer

behavioral3

behavioral4

behavioral5

behavioral6