General

  • Target

    321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18

  • Size

    4.5MB

  • Sample

    240125-szekeaagbk

  • MD5

    edc9881fb8cb97d661a7eacd1e354772

  • SHA1

    69c52fac385b6a5022c91ff6f1b43ffa05fc1dbe

  • SHA256

    321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18

  • SHA512

    73040495547beae4b62078d71642a53b4fb198fdf63511f00d76602e830d4be1248eec93872a5ec3a24e22b0e375c95fc98346c7aa01cfbf31cd1aaa8223d61d

  • SSDEEP

    98304:TcLUHGONrwxm2lvozNrxzsW8iJdR2S0wJWSSBOi8zG8b7qlfMJg:TcLUmOxHegzNCW8iJXg587b7qBOg

Targets

    • Kinsing

      Kinsing is a loader written in Golang.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)
