Overview

overview

10

Static

static

3

2024-01-25...uk.exe

windows7-x64

7

2024-01-25...uk.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-01-25_05a1b6c6ff70066a94c1869036bd86ce_ryuk

  • Size

    1.5MB

  • Sample

    240125-twqnyabdfp

  • MD5

    05a1b6c6ff70066a94c1869036bd86ce

  • SHA1

    47a2e096d1c8421ea0d6cb775af6b24156be14f1

  • SHA256

    8f734bb9825a990489f685e068ceebbeeaba0aa0b78aee47bd5f1a3235e13076

  • SHA512

    f2c0c7f80c80e76826b33d0275d6e779235fc5137413e7f2f6b9dba38998c96cd0449653a78f607d4fb527dea352b77dc9b843d45c76c6c73108cff160f14988

  • SSDEEP

    24576:DZ7+qxEOtqZpp0YYtwlGhNsof2e7A+ebC:DZ7++HmpSK8hWomh

Score
10/10
kinsingloaderspywarestealer

Malware Config

Targets

    • Target

      2024-01-25_05a1b6c6ff70066a94c1869036bd86ce_ryuk

    • Size

      1.5MB

    • MD5

      05a1b6c6ff70066a94c1869036bd86ce

    • SHA1

      47a2e096d1c8421ea0d6cb775af6b24156be14f1

    • SHA256

      8f734bb9825a990489f685e068ceebbeeaba0aa0b78aee47bd5f1a3235e13076

    • SHA512

      f2c0c7f80c80e76826b33d0275d6e779235fc5137413e7f2f6b9dba38998c96cd0449653a78f607d4fb527dea352b77dc9b843d45c76c6c73108cff160f14988

    • SSDEEP

      24576:DZ7+qxEOtqZpp0YYtwlGhNsof2e7A+ebC:DZ7++HmpSK8hWomh

    Score
    10/10
    spywarestealerkinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks