General

  • Target

    2024-01-25_561a19f1368139296bbd40a9711f04d7_cryptolocker

  • Size

    99KB

  • Sample

    240125-v19s2sbfe8

  • MD5

    561a19f1368139296bbd40a9711f04d7

  • SHA1

    f11aedfb20221a159604336012682a6146278686

  • SHA256

    4e042b9356844d81d04cb58c2a516d62966b0ac1e90c3dee53a0ed0323ef84a1

  • SHA512

    12857020a9f66aa5bc9ec7905bd0b96355d0b1409c339157e16e4eefb1711ba8af77aa10fce2628fad1b0b5861d8a4a649957627ddd4809d6b3cd4dfce551cfa

  • SSDEEP

    768:xQz7yVEhs9+4uR1bytOOtEvwDpjWfbZ7uyA36S7MpxRiWNa9mktJHlv/k2+:xj+VGMOtEvwDpjubwQEIiVmkxv/i

Score
10/10

Targets

    • Target

      2024-01-25_561a19f1368139296bbd40a9711f04d7_cryptolocker

    • Kinsing

      Kinsing is a loader written in Golang.

    • Detection of CryptoLocker Variants

    • Detection of Cryptolocker Samples

    • Detects executables built or packed with MPress PE compressor

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
