kinsing | f375f846f74202c26c8c98f67d6270d37eb401375d455af0d502f14fb9ad2869 | Triage

Sharing

General

Target

2024-01-25_fb4c18480dd15904e8a452f9b3f198c8_mafia_nionspy
Size

288KB
Sample

240125-tdgcjsabc7
MD5

fb4c18480dd15904e8a452f9b3f198c8
SHA1

3e2af18484ba0f03a2e7f312100fd6da5760661e
SHA256

f375f846f74202c26c8c98f67d6270d37eb401375d455af0d502f14fb9ad2869
SHA512

90b0ea5c6c2ef445545f40b4da6ba3d90899934ff00ee0e50b55cfa8272aa45cae93cdce63b69a9a44523493a50cdb48ff199556b707594de03083409b608995
SSDEEP

6144:cQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:cQMyfmNFHfnWfhLZVHmOog

Score

10^/10

kinsing loader

Malware Config

Targets

- Target
  
  2024-01-25_fb4c18480dd15904e8a452f9b3f198c8_mafia_nionspy
- Size
  
  288KB
- MD5
  
  fb4c18480dd15904e8a452f9b3f198c8
- SHA1
  
  3e2af18484ba0f03a2e7f312100fd6da5760661e
- SHA256
  
  f375f846f74202c26c8c98f67d6270d37eb401375d455af0d502f14fb9ad2869
- SHA512
  
  90b0ea5c6c2ef445545f40b4da6ba3d90899934ff00ee0e50b55cfa8272aa45cae93cdce63b69a9a44523493a50cdb48ff199556b707594de03083409b608995
- SSDEEP
  
  6144:cQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:cQMyfmNFHfnWfhLZVHmOog
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2