kinsing | e8109b14400b3a580fbc4f5aa6930536df59a046b6cc5625c8ab47bfe39b4937 | Triage

Submit
Reports

Overview

overview

Static

static

3

TauDEM537_setup.exe

windows10-1703-x64

Resubmissions

31-01-2024 04:13

240131-etjqaadbbj 7

25-01-2024 16:01

240125-tgnk2aaca5 10

25-01-2024 15:47

240125-s76c4aaab6 3

Sharing

General

Target

TauDEM537_setup.exe
Size

88.6MB
Sample

240125-tgnk2aaca5
MD5

33f7f04d3df20cf2c5aabea259150d51
SHA1

8eb78ef9e2cdad7fee7704fb8a3820277eaff6ea
SHA256

e8109b14400b3a580fbc4f5aa6930536df59a046b6cc5625c8ab47bfe39b4937
SHA512

f6c5d9d51e8d103d134252546a6be1070800a1e6875c50cada378c7eddee7c06d271a540833d50002714927bcb6e4d975b9bcdfd6a809ba43fcf6d1477d94faa
SSDEEP

1572864:pn/WnnDLV0dwTIYWU3bnTdE/aBBuAVZm6NT16YRaucD9aaXSF5OCKDbE6bMdyDiX:p/WnHyy8UjTSCXjrF56m8haMSF5OCKDu

Score

10^/10

kinsing discovery evasion loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

TauDEM537_setup.exe

Resource

win10-20231215-en

kinsing discovery evasion loader

windows10-1703-x64

19 signatures

1800 seconds

Malware Config

Targets

- Target
  
  TauDEM537_setup.exe
- Size
  
  88.6MB
- MD5
  
  33f7f04d3df20cf2c5aabea259150d51
- SHA1
  
  8eb78ef9e2cdad7fee7704fb8a3820277eaff6ea
- SHA256
  
  e8109b14400b3a580fbc4f5aa6930536df59a046b6cc5625c8ab47bfe39b4937
- SHA512
  
  f6c5d9d51e8d103d134252546a6be1070800a1e6875c50cada378c7eddee7c06d271a540833d50002714927bcb6e4d975b9bcdfd6a809ba43fcf6d1477d94faa
- SSDEEP
  
  1572864:pn/WnnDLV0dwTIYWU3bnTdE/aBBuAVZm6NT16YRaucD9aaXSF5OCKDbE6bMdyDiX:p/WnHyy8UjTSCXjrF56m8haMSF5OCKDu
Score

10^/10

kinsing discovery evasion loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

kinsingdiscoveryevasionloader

© 2018-2024

Terms | Privacy