kinsing | 9fe372a8eba0110c955fb7e14a35d816e90b0e3a138a25149c1d29c9e4e0bd99 | Triage

Sharing

General

Target

74f431ce5bc17e1523b38eec734d9c68
Size

66KB
Sample

240125-tszsfabdbn
MD5

74f431ce5bc17e1523b38eec734d9c68
SHA1

765e8ee95a455fc8e545e247c3beff4a0b84d5ce
SHA256

9fe372a8eba0110c955fb7e14a35d816e90b0e3a138a25149c1d29c9e4e0bd99
SHA512

45f05d5eadffeea57234bc21a21c07310938f1320de5169e1ead0df354b6dbf4543302047d75bcc2a48d6e96760efcce73dbc7ed33b5519b89923d62431e6d2b
SSDEEP

1536:bxiNXxDtjW3YXq1mBqZyrnQN0gMt3RySgGakaY/Wjd+LMC:bxiNhDtqIaU0yrno0ZthPggDcq

Score

10^/10

kinsing aspackv2 loader persistence

Malware Config

Targets

- Target
  
  74f431ce5bc17e1523b38eec734d9c68
- Size
  
  66KB
- MD5
  
  74f431ce5bc17e1523b38eec734d9c68
- SHA1
  
  765e8ee95a455fc8e545e247c3beff4a0b84d5ce
- SHA256
  
  9fe372a8eba0110c955fb7e14a35d816e90b0e3a138a25149c1d29c9e4e0bd99
- SHA512
  
  45f05d5eadffeea57234bc21a21c07310938f1320de5169e1ead0df354b6dbf4543302047d75bcc2a48d6e96760efcce73dbc7ed33b5519b89923d62431e6d2b
- SSDEEP
  
  1536:bxiNXxDtjW3YXq1mBqZyrnQN0gMt3RySgGakaY/Wjd+LMC:bxiNhDtqIaU0yrno0ZthPggDcq
Score

10^/10

aspackv2 persistence kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Sets DLL path for service in the registry
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2persistence

behavioral2

kinsingaspackv2loaderpersistence