kinsing | 448e58ff51c6c611f5bc5785ca105f91783e1377d0ece9e9c7f9ea5e600a48da | Triage

Sharing

General

Target

74ede59e4cfc7c330f8a48dd3c775fe3
Size

3.3MB
Sample

240125-tjd5daace2
MD5

74ede59e4cfc7c330f8a48dd3c775fe3
SHA1

ba99acdbf190aa7e39aa6074384439de0336d629
SHA256

448e58ff51c6c611f5bc5785ca105f91783e1377d0ece9e9c7f9ea5e600a48da
SHA512

f4ee80e8679a48e60f5dd3fd623f202b036b3e1c9fe4e0da6ad3bf71adb9b5bbc061c7ba88dfce342915bd2f5af17583a625e353a2ddcb608590a217bb84950e
SSDEEP

98304:HILlpufGXeNgKbVm4YO54XeoHv7/MiRek0Xa:HILMGXeNNVJYOg1RB

Score

10^/10

kinsing evasion loader

Malware Config

Targets

- Target
  
  74ede59e4cfc7c330f8a48dd3c775fe3
- Size
  
  3.3MB
- MD5
  
  74ede59e4cfc7c330f8a48dd3c775fe3
- SHA1
  
  ba99acdbf190aa7e39aa6074384439de0336d629
- SHA256
  
  448e58ff51c6c611f5bc5785ca105f91783e1377d0ece9e9c7f9ea5e600a48da
- SHA512
  
  f4ee80e8679a48e60f5dd3fd623f202b036b3e1c9fe4e0da6ad3bf71adb9b5bbc061c7ba88dfce342915bd2f5af17583a625e353a2ddcb608590a217bb84950e
- SSDEEP
  
  98304:HILlpufGXeNgKbVm4YO54XeoHv7/MiRek0Xa:HILMGXeNNVJYOg1RB
Score

10^/10

evasion kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

kinsingevasionloader