kinsing | 4a4829aa6f004dec9875b61a271209295d26a89c97493626de5f3c4e7cbd6ac9 | Triage

Sharing

General

Target

2024-01-25_47d30fed070947d821d2b4375d7bdf99_cryptolocker
Size

51KB
Sample

240125-v1m92sceej
MD5

47d30fed070947d821d2b4375d7bdf99
SHA1

e91bbf372518bf8c426642b31556da58a0393db6
SHA256

4a4829aa6f004dec9875b61a271209295d26a89c97493626de5f3c4e7cbd6ac9
SHA512

66f10d75e162636835fac12bbfe5ac33b4b603f78b91db41f0743b09b9d39a0a9db0ad5c9eb43c7ff3ef88c26a90c0a16d5c19eeda4353febc044b5a0ef2989a
SSDEEP

1536:ZzFbxmLPWQMOtEvwDpj386Sj/WprgJN6tZdO50:ZVxkGOtEvwDpjcu

Score

10^/10

kinsing loader

Malware Config

Targets

- Target
  
  2024-01-25_47d30fed070947d821d2b4375d7bdf99_cryptolocker
- Size
  
  51KB
- MD5
  
  47d30fed070947d821d2b4375d7bdf99
- SHA1
  
  e91bbf372518bf8c426642b31556da58a0393db6
- SHA256
  
  4a4829aa6f004dec9875b61a271209295d26a89c97493626de5f3c4e7cbd6ac9
- SHA512
  
  66f10d75e162636835fac12bbfe5ac33b4b603f78b91db41f0743b09b9d39a0a9db0ad5c9eb43c7ff3ef88c26a90c0a16d5c19eeda4353febc044b5a0ef2989a
- SSDEEP
  
  1536:ZzFbxmLPWQMOtEvwDpj386Sj/WprgJN6tZdO50:ZVxkGOtEvwDpjcu
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Detection of CryptoLocker Variants
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2