kinsing | 33e4cd73bc045aaa9db62711e8f892cf573404e2a1037017398e6e11bf7ad556 | Triage

Sharing

General

Target

74f9d1802ed7c47a8be3a644a6cc85aa
Size

671KB
Sample

240125-t1tw6abefm
MD5

74f9d1802ed7c47a8be3a644a6cc85aa
SHA1

922c49964ccc8297b5f2f1abb157a068c45bb79b
SHA256

33e4cd73bc045aaa9db62711e8f892cf573404e2a1037017398e6e11bf7ad556
SHA512

a7b9e6e55edcbf13ea77f4bf73162c4ae990808ee853c59801a3b994d4d6ddb62d61eead3dd00dfe373ab740be8e0d4d5293ee1f9281e9e24022a5edebb764bd
SSDEEP

12288:8rzVDN5OjTkj8DoON1AOJha1GLvbAPFpR5tXgZz4SeGeHBqEaIYvOxj0Vmhgk83J:GP5Ojot1KOPRbQatG/EfYvSIVCKboy

Score

10^/10

kinsing loader

Malware Config

Targets

- Target
  
  74f9d1802ed7c47a8be3a644a6cc85aa
- Size
  
  671KB
- MD5
  
  74f9d1802ed7c47a8be3a644a6cc85aa
- SHA1
  
  922c49964ccc8297b5f2f1abb157a068c45bb79b
- SHA256
  
  33e4cd73bc045aaa9db62711e8f892cf573404e2a1037017398e6e11bf7ad556
- SHA512
  
  a7b9e6e55edcbf13ea77f4bf73162c4ae990808ee853c59801a3b994d4d6ddb62d61eead3dd00dfe373ab740be8e0d4d5293ee1f9281e9e24022a5edebb764bd
- SSDEEP
  
  12288:8rzVDN5OjTkj8DoON1AOJha1GLvbAPFpR5tXgZz4SeGeHBqEaIYvOxj0Vmhgk83J:GP5Ojot1KOPRbQatG/EfYvSIVCKboy
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2