kinsing | e357135bee468ba798b556dec8ceba0d38db2eaff80055ab6650e7c03c16805c | Triage

Submit
Reports

Overview

overview

Static

static

3

Versa.wtf_...xt.scr

windows10-2004-x64

Sharing

General

Target

Versa.wtf_robloxtxt.scr
Size

58KB
Sample

240125-t63q9abfgl
MD5

0b994f6931e0ae689adc17b8a6650629
SHA1

3ff8e1de8d839a71331fb1d2e6afa0ed29eea609
SHA256

e357135bee468ba798b556dec8ceba0d38db2eaff80055ab6650e7c03c16805c
SHA512

c89e84348a74d2886545e9ca6ffc451a4f2a5134f3e874b2eb9e78f1f2acefb2dec85cbf41bdbf3630d798a6cebf9aa69ad1b46b7ccf747e24462df3205fde4f
SSDEEP

384:Mi38dDnaxg679BwKCcbeuiyOgW+vvRiBDeoww4glQhgLU07kRI0VxdahYMMmncdb:/s9naW+95CcbKv5qvkBDxLc

Score

10^/10

kinsing loader spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Versa.wtf_robloxtxt.scr

Resource

win10v2004-20231215-en

kinsing loader spyware stealer

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  Versa.wtf_robloxtxt.scr
- Size
  
  58KB
- MD5
  
  0b994f6931e0ae689adc17b8a6650629
- SHA1
  
  3ff8e1de8d839a71331fb1d2e6afa0ed29eea609
- SHA256
  
  e357135bee468ba798b556dec8ceba0d38db2eaff80055ab6650e7c03c16805c
- SHA512
  
  c89e84348a74d2886545e9ca6ffc451a4f2a5134f3e874b2eb9e78f1f2acefb2dec85cbf41bdbf3630d798a6cebf9aa69ad1b46b7ccf747e24462df3205fde4f
- SSDEEP
  
  384:Mi38dDnaxg679BwKCcbeuiyOgW+vvRiBDeoww4glQhgLU07kRI0VxdahYMMmncdb:/s9naW+95CcbKv5qvkBDxLc
Score

10^/10

kinsing loader spyware stealer
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

kinsingloaderspywarestealer

© 2018-2024

Terms | Privacy