kinsing | 04c6c07e6af92c6148453cba27fa286afe905b87fef3e35121bb259e20484fe3 | Triage

Sharing

General

Target

74f55a30c3d053109039d1323ab64db1
Size

1.5MB
Sample

240125-tvaw4abddn
MD5

74f55a30c3d053109039d1323ab64db1
SHA1

2c119dae3c57c7e4a5e0a893bed9e01a3e228256
SHA256

04c6c07e6af92c6148453cba27fa286afe905b87fef3e35121bb259e20484fe3
SHA512

b8944ebfa643611ff3def0a9680c0775d3947640c2ef653becbf19cd2eaa8a0a145cecff454be391b5bed53778c16dccf701e1561c9246974100b1f4e72f2af2
SSDEEP

24576:BSLXeYCOLvNSj7bl/narnAN+fhB9tDtrxS7ECq8yvO1xLjYAR4ghdKNIz7xrVKE:qxLvoxCrnfhtrxBRmLAa4ghkoNVKE

Score

10^/10

kinsing loader

Malware Config

Targets

- Target
  
  74f55a30c3d053109039d1323ab64db1
- Size
  
  1.5MB
- MD5
  
  74f55a30c3d053109039d1323ab64db1
- SHA1
  
  2c119dae3c57c7e4a5e0a893bed9e01a3e228256
- SHA256
  
  04c6c07e6af92c6148453cba27fa286afe905b87fef3e35121bb259e20484fe3
- SHA512
  
  b8944ebfa643611ff3def0a9680c0775d3947640c2ef653becbf19cd2eaa8a0a145cecff454be391b5bed53778c16dccf701e1561c9246974100b1f4e72f2af2
- SSDEEP
  
  24576:BSLXeYCOLvNSj7bl/narnAN+fhB9tDtrxS7ECq8yvO1xLjYAR4ghdKNIz7xrVKE:qxLvoxCrnfhtrxBRmLAa4ghkoNVKE
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2