kinsing | 02fb082aeea497f81a0944f5662853a34a97d6a3ea2806870aafb71cde22a3ee | Triage

Sharing

General

Target

Cloudflare_WARP_Release-x64.msi
Size

108.3MB
Sample

240125-thfxksacc3
MD5

5f57c00031a58c5d30e5226e64e991c8
SHA1

1380eea1e1dc7217d4879c6a59c9586a0790cf6f
SHA256

02fb082aeea497f81a0944f5662853a34a97d6a3ea2806870aafb71cde22a3ee
SHA512

1f7f6ec2e4fe3dfbadc5e91de8d00152829521bf7440e975f765445fdf27b061b320928e6e7812cefd0a6bda78ba1e66f00e8237290bf659e00bec201253f963
SSDEEP

3145728:7gskdv4RghBUtn4iEu19Od0wBpoxDlkfhbw1:k7x4R0+iiD19s04g+

Score

10^/10

kinsing loader

Malware Config

Targets

- Target
  
  Cloudflare_WARP_Release-x64.msi
- Size
  
  108.3MB
- MD5
  
  5f57c00031a58c5d30e5226e64e991c8
- SHA1
  
  1380eea1e1dc7217d4879c6a59c9586a0790cf6f
- SHA256
  
  02fb082aeea497f81a0944f5662853a34a97d6a3ea2806870aafb71cde22a3ee
- SHA512
  
  1f7f6ec2e4fe3dfbadc5e91de8d00152829521bf7440e975f765445fdf27b061b320928e6e7812cefd0a6bda78ba1e66f00e8237290bf659e00bec201253f963
- SSDEEP
  
  3145728:7gskdv4RghBUtn4iEu19Od0wBpoxDlkfhbw1:k7x4R0+iiD19s04g+
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2