kinsing | fc53b8c15b9306fdeabdbb543e7d5b454f0e23fe7dbb4c07aa881d1bd82cbc4f | Triage

Sharing

General

Target

74f6764dcfaf9ce6c8b0240489f7af1f
Size

36KB
Sample

240125-twprmsaeg9
MD5

74f6764dcfaf9ce6c8b0240489f7af1f
SHA1

abe5316a7658622a927d87feb57992bc562405bb
SHA256

fc53b8c15b9306fdeabdbb543e7d5b454f0e23fe7dbb4c07aa881d1bd82cbc4f
SHA512

ceed2e8ff6044cf6fa67cb511fd7e1b5431a7c467689fb8837c2edc81543a170b6d635f99cdbfde00d5d3ae21c26bf3a4d866da016df8fab944de84867314eb0
SSDEEP

768:MPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJezaHkho6a39YQQICQMEbdUm11S:Yok3hbdlylKsgqopeJBWhZFGkE+cL2N3

Score

10^/10

kinsing loader macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://markens.online/wp-data.php

xlm40.dropper

https://statedauto.com/wp-data.php

Targets

- Target
  
  74f6764dcfaf9ce6c8b0240489f7af1f
- Size
  
  36KB
- MD5
  
  74f6764dcfaf9ce6c8b0240489f7af1f
- SHA1
  
  abe5316a7658622a927d87feb57992bc562405bb
- SHA256
  
  fc53b8c15b9306fdeabdbb543e7d5b454f0e23fe7dbb4c07aa881d1bd82cbc4f
- SHA512
  
  ceed2e8ff6044cf6fa67cb511fd7e1b5431a7c467689fb8837c2edc81543a170b6d635f99cdbfde00d5d3ae21c26bf3a4d866da016df8fab944de84867314eb0
- SSDEEP
  
  768:MPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJezaHkho6a39YQQICQMEbdUm11S:Yok3hbdlylKsgqopeJBWhZFGkE+cL2N3
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2