kinsing | f687f07fb4757f2a43560c7e02e5aaa12f8e50c7ecb4d38a27307d87b8167f8d | Triage

Sharing

General

Target

74fa49f60a92b46d4a75f63167e62a12
Size

431KB
Sample

240125-t2ll6sbegm
MD5

74fa49f60a92b46d4a75f63167e62a12
SHA1

f2bb1d660002e095e8026981ea31f872f1535bc9
SHA256

f687f07fb4757f2a43560c7e02e5aaa12f8e50c7ecb4d38a27307d87b8167f8d
SHA512

3fd3b151671cd51cb522f2afbbdb5137525905a85169576abfbf0c8b5880326afa57f51ee272a281474911b593b8e360c62652c30c48942099485fe6b15bb31b
SSDEEP

12288:hN1ASkD/alY8pAEoknoa8KOIT/QBD7Hv6dtb3Uj1:lASEC9pAEoA58BD+dtm1

Score

10^/10

kinsing evasion loader

Malware Config

Targets

- Target
  
  74fa49f60a92b46d4a75f63167e62a12
- Size
  
  431KB
- MD5
  
  74fa49f60a92b46d4a75f63167e62a12
- SHA1
  
  f2bb1d660002e095e8026981ea31f872f1535bc9
- SHA256
  
  f687f07fb4757f2a43560c7e02e5aaa12f8e50c7ecb4d38a27307d87b8167f8d
- SHA512
  
  3fd3b151671cd51cb522f2afbbdb5137525905a85169576abfbf0c8b5880326afa57f51ee272a281474911b593b8e360c62652c30c48942099485fe6b15bb31b
- SSDEEP
  
  12288:hN1ASkD/alY8pAEoknoa8KOIT/QBD7Hv6dtb3Uj1:lASEC9pAEoA58BD+dtm1
Score

10^/10

evasion kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

kinsingevasionloader