kinsing | c4f3d4c62f17140781474459bfeae6a353004163ad0ed4821a99f462bf30238a | Triage

Submit
Reports

Overview

overview

Static

static

3

74ee62c8c7...3a.exe

windows7-x64

74ee62c8c7...3a.exe

windows10-2004-x64

Sharing

General

Target

74ee62c8c771189f2e927878eeff9f3a
Size

1.1MB
Sample

240125-tjy5jsbbfm
MD5

74ee62c8c771189f2e927878eeff9f3a
SHA1

faa5ca94d3a88a601603bfb1b6b42d3de819f38e
SHA256

c4f3d4c62f17140781474459bfeae6a353004163ad0ed4821a99f462bf30238a
SHA512

e3f59fef593b445a28c50756fae7b5974517ea53edda3f6df1aa917c8a8a640d1f76e9672a585aff34975418da910cdc0d66e80d9b6dd1c70f3c940a15e1c946
SSDEEP

24576:y37bNIka//RpA4wP/as8RXAqWNtK5tpNkcnLEkonHEiqqYug:y37Ska//RpApqOtwN4kuU5ug

Score

10^/10

kinsing redline sectoprat @gogowork11 infostealer loader rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

74ee62c8c771189f2e927878eeff9f3a.exe

Resource

win7-20231215-en

redline sectoprat @gogowork11 infostealer rat trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

74ee62c8c771189f2e927878eeff9f3a.exe

Resource

win10v2004-20231215-en

kinsing redline sectoprat @gogowork11 infostealer loader rat trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@Gogowork11

C2

185.206.215.216:80

Targets

- Target
  
  74ee62c8c771189f2e927878eeff9f3a
- Size
  
  1.1MB
- MD5
  
  74ee62c8c771189f2e927878eeff9f3a
- SHA1
  
  faa5ca94d3a88a601603bfb1b6b42d3de819f38e
- SHA256
  
  c4f3d4c62f17140781474459bfeae6a353004163ad0ed4821a99f462bf30238a
- SHA512
  
  e3f59fef593b445a28c50756fae7b5974517ea53edda3f6df1aa917c8a8a640d1f76e9672a585aff34975418da910cdc0d66e80d9b6dd1c70f3c940a15e1c946
- SSDEEP
  
  24576:y37bNIka//RpA4wP/as8RXAqWNtK5tpNkcnLEkonHEiqqYug:y37Ska//RpApqOtwN4kuU5ug
Score

10^/10

redline sectoprat @gogowork11 infostealer rat trojan kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectoprat@gogowork11infostealerrattrojan

behavioral2

kinsingredlinesectoprat@gogowork11infostealerloaderrattrojan

© 2018-2024

Terms | Privacy