kinsing | 40d965bd0b4078fb52ba7128832509b866f3f525103ebc7ed68973c31f2aabca | Triage

Submit
Reports

Overview

overview

Static

static

7

74f32418b6...3f.exe

windows7-x64

7

74f32418b6...3f.exe

windows10-2004-x64

Sharing

General

Target

74f32418b66f5356b954fff45a9fe53f
Size

99KB
Sample

240125-tq9vmaadh9
MD5

74f32418b66f5356b954fff45a9fe53f
SHA1

821b836e7a13da0e694f07d79bd7b9a7b9a18f47
SHA256

40d965bd0b4078fb52ba7128832509b866f3f525103ebc7ed68973c31f2aabca
SHA512

a3e847a7bca0c7c91b728dce9e748e4c9435838d22aff090c99ee1a3ff5b248eced970702c783f6c3d1ef15c168598673cd0507a7f930008d0413a33ac4112be
SSDEEP

3072:sr3KcWmjRrzSssCfahNnnVMTTkHZmRAhhZOqi:/eiNnnVMcH4ohZO1

Score

10^/10

kinsing loader persistence spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

74f32418b66f5356b954fff45a9fe53f.exe

Resource

win7-20231215-en

persistence spyware stealer upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

74f32418b66f5356b954fff45a9fe53f.exe

Resource

win10v2004-20231222-en

kinsing loader persistence spyware stealer upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  74f32418b66f5356b954fff45a9fe53f
- Size
  
  99KB
- MD5
  
  74f32418b66f5356b954fff45a9fe53f
- SHA1
  
  821b836e7a13da0e694f07d79bd7b9a7b9a18f47
- SHA256
  
  40d965bd0b4078fb52ba7128832509b866f3f525103ebc7ed68973c31f2aabca
- SHA512
  
  a3e847a7bca0c7c91b728dce9e748e4c9435838d22aff090c99ee1a3ff5b248eced970702c783f6c3d1ef15c168598673cd0507a7f930008d0413a33ac4112be
- SSDEEP
  
  3072:sr3KcWmjRrzSssCfahNnnVMTTkHZmRAhhZOqi:/eiNnnVMcH4ohZO1
Score

10^/10

persistence spyware stealer upx kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealerupx

behavioral2

kinsingloaderpersistencespywarestealerupx

© 2018-2024

Terms | Privacy