kinsing | 578928c21365636a5901841722431bc78f5c13b31ccc7cf81a7ead52f9db8457

Analysis

max time kernel
136s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 16:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/215AppsChecker.exe
Size

39KB
MD5

420320e78490a36cf23cb17ffbb13358
SHA1

fcf1151c22f9b8c9e29ec6387b38e6b040bd196e
SHA256

bc13af4eb6cc4917d617785d7e4ad09f64745a9cf06354833e815e9229ce8dcf
SHA512

fe2774fd095c3a3b51b01a1da1c5fcd49b53f939b647c84cdfd3c243cb74644ca2909971bc87d3e5c8781a93c27ac3ef7691625a024008b4f1ffba4c947cd023
SSDEEP

768:KHJd0TpH2+bQ2dUWVX9Hfv1JMWmtLEJOyuBxG0D3mjfS3XJv68Br3czgr:KpgpHzb9dZVX9fHMvG0D3XJvhcu

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Loads dropped DLL 1 IoCs

Processes:

215AppsChecker.exe

pid process

3224 215AppsChecker.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
3224	215AppsChecker.exe

C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\215AppsChecker.exe
"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\215AppsChecker.exe"
1⤵
- Loads dropped DLL
PID:3224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsn19AE.tmp\StdUtils.dll
Filesize
14KB

MD5
21010df9bc37daffcc0b5ae190381d85

SHA1
a8ba022aafc1233894db29e40e569dfc8b280eb9

SHA256
0ebd62de633fa108cf18139be6778fa560680f9f8a755e41c6ab544ab8db5c16

SHA512
95d3dbba6eac144260d5fcc7fcd5fb3afcb59ae62bd2eafc5a1d2190e9b44f8e125290d62fef82ad8799d0072997c57b2fa8a643aba554d0a82bbd3f8eb1403e

Download Submit