kinsing | 095dab73e2b180f247c4f3b92d4d5e6da806c362bc64ea38d7d4a25ee768cc18 | Triage

Sharing

General

Target

Badlion Client-4.0.1.dmg
Size

136.0MB
Sample

240125-tbsykabacp
MD5

0ce900b6580b42eddf62440e24d41464
SHA1

9a85914780e9f83c6d943089827a6b30b7fa78fd
SHA256

095dab73e2b180f247c4f3b92d4d5e6da806c362bc64ea38d7d4a25ee768cc18
SHA512

520e7d47dc4f6ebef7ae82b481cacd125f5ae61fbd0a3190fb7bb105c99cde7c4360df3a9b2989cf19f5808882963209db96d947362ae8d4e52d13d7e7c7aef1
SSDEEP

3145728:jbZuUSymLo+fXuFx6Jle9HP5I7zC0vg5F3LdPh8E5/il9yl:jFuLeFxo4hP5I7WcghZjO9

Score

10^/10

kinsing discovery loader macos

Malware Config

Targets

- Target
  
  Badlion Client-4.0.1.dmg
- Size
  
  136.0MB
- MD5
  
  0ce900b6580b42eddf62440e24d41464
- SHA1
  
  9a85914780e9f83c6d943089827a6b30b7fa78fd
- SHA256
  
  095dab73e2b180f247c4f3b92d4d5e6da806c362bc64ea38d7d4a25ee768cc18
- SHA512
  
  520e7d47dc4f6ebef7ae82b481cacd125f5ae61fbd0a3190fb7bb105c99cde7c4360df3a9b2989cf19f5808882963209db96d947362ae8d4e52d13d7e7c7aef1
- SSDEEP
  
  3145728:jbZuUSymLo+fXuFx6Jle9HP5I7zC0vg5F3LdPh8E5/il9yl:jFuLeFxo4hP5I7WcghZjO9
Score

1^/10
behavioral1
- Target
  
  Badlion Client 4.0.1/Badlion Client.app/Contents/MacOS/Badlion Client
- Size
  
  364KB
- MD5
  
  92bf4009f4601879f58053d80c1fb409
- SHA1
  
  ef39bee85eb66995ac3d3f967d0d5bb343eede17
- SHA256
  
  88e0239e2facea95206040628f2c7a96093a751cfc0e0a18290983f75ca3ad48
- SHA512
  
  78728a6f931ffc93f57531929f73fc167d4fc7f36cd481ee721bbb7dda1533654db72181662e27b0848010860deda762cfb617352d8691f004a1a707eb16d8e7
- SSDEEP
  
  6144:Hi1YZ14c9NfXf17cVfnE7k7fMau8ReWN83B0ceFHh0HWhpGFsJuhLmi:0Y8cTfuDu8BwHTS
Score

1^/10
behavioral2
- Target
  
  Badlion Client 4.0.1/Badlion Client.app/Contents/ffmpeg
- Size
  
  71.9MB
- MD5
  
  251c9b763d02f64d740d11af54902c35
- SHA1
  
  235691159e2a72f86d0368e1a8818337a5257fa4
- SHA256
  
  344a9f9734016dabaeb0c25a384638be965ae7284d87e36c968eab99e96b1b84
- SHA512
  
  1c7ca57118c78f3c83e1957e2c403055753780ac5b714ef2c4298e11a4393b22a8d7ccabcfd22871f96078c7943c5c24b357a222ea5adcfc77a7a53db2af70b2
- SSDEEP
  
  786432:XtFVk8Vss1czXvzkowtXy+2XmCYRwCyWRDl0rGWyaHJmdg:XtSNXvzMZ+XmCY+1
Score

1^/10
behavioral3
- Target
  
  Badlion Client 4.0.1/Badlion Client.app/Contents/libs/caffeine-2.8.8.jar
- Size
  
  900KB
- MD5
  
  ddac1f8f76743255084022ac6f06b7cf
- SHA1
  
  298bb2108157513a39a1a52a686a1fe8b57cc973
- SHA256
  
  7b7b72c6ce3e47e774e29060ceba19e83e8259bd475986e04b4f3272d4a58f73
- SHA512
  
  6cb83b6d5054c63c13af5fd39f11065556137edd423385f5d960a656fafddf5a5ddccd1ddeddafdcbd511d0fef005c58fac9e3fb0bdf1d469af24450dfbc2325
- SSDEEP
  
  24576:ZtW2QKpqEdXsSvb7orm0oNLZSmV4IyEKbIcF:ZtztFQ44EKbIcF
Score

10^/10

kinsing discovery loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Modifies file permissions
  discovery
behavioral4 behavioral5
- Target
  
  Badlion Client 4.0.1/Badlion Client.app/Contents/libs/disruptor-3.4.2.jar
- Size
  
  81KB
- MD5
  
  6895a3c4f54cf92eef6530e9e2cd3c46
- SHA1
  
  e2543a63086b4189fbe418d05d56633bc1a815f7
- SHA256
  
  f412ecbb235c2460b45e63584109723dea8d94b819c78c9bfc38f50cba8546c0
- SHA512
  
  da76e44fc9834c6d9e21eafe2fe64604159dba99770946bd114823ba037ea0217ae3a13f5eaf29e28edf92fcfd4f20c60b7645d6f117c38c897594e1337a744c
- SSDEEP
  
  1536:oY+hjADvCviw+918+uBeKfaUxR1WLr+Q+i2:oY+hGyr+duB8aR1WeC2
Score

10^/10

kinsing discovery loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Modifies file permissions
  discovery
behavioral6 behavioral7
- Target
  
  Badlion Client 4.0.1/Badlion Client.app/Contents/libs/joml-jdk8-1.9.25.jar
- Size
  
  710KB
- MD5
  
  9b868b921d0490b417bd594984b680b1
- SHA1
  
  7bb2cd964c5e7b129a52e1f47edfdd557a7ec3da
- SHA256
  
  fc76d61e7900e65cab1f3c237a5186ff2344dd7d7d0bbf8f01a453c4fa2a1b28
- SHA512
  
  c54cdcfe63c1998fd14d46988fc49509ac6af2e2516eaad0dae19566baf1c99f0482d026d7f6e79a66706905b76af9b4298a23521ecb32f5a3708806340b3959
- SSDEEP
  
  12288:KmomVdb1+8moOzQTzSBNJuv+yUXUniNPW/I8Y8hq3n2RrjJydtlMm:LfdW6ST8+yUXUni9W/I8VCihG9
Score

10^/10

kinsing discovery loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Modifies file permissions
  discovery
behavioral8 behavioral9
- Target
  
  Badlion Client 4.0.1/Badlion Client.app/Contents/libs/lz4-java-1.7.1.jar
- Size
  
  634KB
- MD5
  
  d56d86823662a663a4d614dd5e117eff
- SHA1
  
  c4d931ef8ad2c9c35d65b231a33e61428472d0da
- SHA256
  
  f1167a45d4b8002053670ef6991ca66d1bab9dcc03e4ef00183674d2f3fb9cac
- SHA512
  
  ff48daeca92c5a7657aa9c7fe41c5ae75a5fa0aad05c655bacb64a40acfe93ffd3d40bef16544614ce8a38db3e1df177023101773f6f7c1d32031413270e42d2
- SSDEEP
  
  12288:amEvKTPZYCwZmp59WR2/nfxHYub6OULsunu8wrqeWm7ahEqw0CwWF40vSumvh:dPZYCwUqcfF/6OULsuwrPd7ahEEWvvc
Score

10^/10

kinsing discovery loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Modifies file permissions
  discovery
behavioral10 behavioral11
- Target
  
  Badlion Client 4.0.1/Badlion Client.app/Contents/libs/optifineinstallwrapper.jar
- Size
  
  3KB
- MD5
  
  8967319339fd7ff2a67b3a9eab3e4b93
- SHA1
  
  03e69508f50bffba71390c367fbc5e8c00d07335
- SHA256
  
  f4c5909042743c4a7206f52ae352fbfcad807185a985884314044b236ccb24c0
- SHA512
  
  e376022ce07135b77d46da898c27bf49239332e88410b4a20362e9f4ada0fb2a02b7cdbd00bfc0f11d3228ce56e77cd165b77baf41c21790dbb52ccf771555a1
Score

10^/10

kinsing discovery loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Modifies file permissions
  discovery
behavioral12 behavioral13

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

kinsingdiscoveryloader

behavioral6

behavioral7

kinsingdiscoveryloader

behavioral8

behavioral9

kinsingdiscoveryloader

behavioral10

behavioral11

kinsingdiscoveryloader

behavioral12

behavioral13

kinsingdiscoveryloader