kinsing | efd85583ad5df1e4033da39a713f3348e500a64c3fef9ba527d41858ad83eb85 | Triage

Sharing

General

Target

74f7db9c6976a33b3b2411d8a37b0619
Size

506KB
Sample

240125-tyhq4safc6
MD5

74f7db9c6976a33b3b2411d8a37b0619
SHA1

d15504292e54bb4c3e5837635210eb60754ff6c0
SHA256

efd85583ad5df1e4033da39a713f3348e500a64c3fef9ba527d41858ad83eb85
SHA512

d399604ed8c52d90b2e9dde58e0ac83a8cf1235880a33d3bfd2668f1613050965e2941bd7f0f66e4829a93c3464898a6c658588a9f04b50405b1fb228d635bd9
SSDEEP

12288:UXsyl/1WmGX62m6gjx28EWld2XGkkTMmCDNXchcPAocNuVpa1+o/g:Csy2jZpg2CBTTgiCAo4uVpfo/g

Score

10^/10

kinsing loader

Malware Config

Targets

- Target
  
  74f7db9c6976a33b3b2411d8a37b0619
- Size
  
  506KB
- MD5
  
  74f7db9c6976a33b3b2411d8a37b0619
- SHA1
  
  d15504292e54bb4c3e5837635210eb60754ff6c0
- SHA256
  
  efd85583ad5df1e4033da39a713f3348e500a64c3fef9ba527d41858ad83eb85
- SHA512
  
  d399604ed8c52d90b2e9dde58e0ac83a8cf1235880a33d3bfd2668f1613050965e2941bd7f0f66e4829a93c3464898a6c658588a9f04b50405b1fb228d635bd9
- SSDEEP
  
  12288:UXsyl/1WmGX62m6gjx28EWld2XGkkTMmCDNXchcPAocNuVpa1+o/g:Csy2jZpg2CBTTgiCAo4uVpfo/g
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2