kinsing

General

Target

Заказ на покупку_(P.O_6203445-2024)_Викторович ООО.iso
Size

718KB
Sample

240125-s3hq8shhc6
MD5

3b2bbedd413b309ae35d3deb6895b174
SHA1

9d7e92a626c2102bce2927b63d9890fb5c5d9ab6
SHA256

cd795efaecacad8749827588ac045d9d209a0eb29656a0c5cc903f1ad49231d7
SHA512

4bab76fe085419cf11fb40b3a5b0c92aefc1541db94f909af2551e6d92ab67d1b8ea38aa2e8b144bb864def0ec2a6e1fe7df66782b40c3d9c2004185f2e8e202
SSDEEP

12288:GqUyZzjn9co0d0wvvSQNCY62XACRCY27D:pdZKo02cvS4CY6iAqCY27

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

https://novlkyy.shop/PWS/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Заказ на покупку_(P.O_6203445-2024)_Викторович ООО.exe
- Size
  
  657KB
- MD5
  
  0e791ce3c5922bb2cd95f33b59296db3
- SHA1
  
  b2f53b32ccef839718bbd47b560daeb7e8aa541c
- SHA256
  
  0c82feaf206d2633de0904b7fe4f34da47e4dcf08079afd668101c180e2df32d
- SHA512
  
  011c5e502bc3a90f9672411b81c44967401d91365f0951e22c2a4621e27f702696c528d5da4c1484d579b9b6cd22b2d3441d6989d96103e4c2b0599c9dfdcaf2
- SSDEEP
  
  12288:uqUyZzjn9co0d0wvvSQNCY62XACRCY27D8:xdZKo02cvS4CY6iAqCY27Y
Score

10^/10

lokibot collection spyware stealer trojan kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lokibot

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2