kinsing | 7fa440918a8b62e7f7c85cf7d19cb4cfbbc706b1546e40dfe789c2c7144c5536 | Triage

Sharing

General

Target

74f8f0d4d2d17f3a63e2c95ce62aa991
Size

313KB
Sample

240125-tzxxesbedn
MD5

74f8f0d4d2d17f3a63e2c95ce62aa991
SHA1

e3a1ff16f0a67b5c534e096082b240f3a2cc24e9
SHA256

7fa440918a8b62e7f7c85cf7d19cb4cfbbc706b1546e40dfe789c2c7144c5536
SHA512

53d6dc61b641e729b084f83dee20d460ca985e18a1f50cf635b8c8a49bb6edf75f418809fc49a91ccedbbeec8558f3ac40dcb7c7dee1f0c9e250250d01de6a3d
SSDEEP

6144:8d93ZBZMbqYgomHmXX7tiPkRcUN9eEKati3M2lht93hyBPSDpSLF89nx:8r3ZBIRAcRDN0EKatmh3hOPipSL8nx

Score

10^/10

kinsing loader

Malware Config

Targets

- Target
  
  74f8f0d4d2d17f3a63e2c95ce62aa991
- Size
  
  313KB
- MD5
  
  74f8f0d4d2d17f3a63e2c95ce62aa991
- SHA1
  
  e3a1ff16f0a67b5c534e096082b240f3a2cc24e9
- SHA256
  
  7fa440918a8b62e7f7c85cf7d19cb4cfbbc706b1546e40dfe789c2c7144c5536
- SHA512
  
  53d6dc61b641e729b084f83dee20d460ca985e18a1f50cf635b8c8a49bb6edf75f418809fc49a91ccedbbeec8558f3ac40dcb7c7dee1f0c9e250250d01de6a3d
- SSDEEP
  
  6144:8d93ZBZMbqYgomHmXX7tiPkRcUN9eEKati3M2lht93hyBPSDpSLF89nx:8r3ZBIRAcRDN0EKatmh3hOPipSL8nx
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2