General
-
Target
75179f771ae50bdec9ff348ae7f6e537
-
Size
3.2MB
-
Sample
240125-v1n7cabfc9
-
MD5
75179f771ae50bdec9ff348ae7f6e537
-
SHA1
d9ef20c61292bd734e7274a83c82829d2ac3eada
-
SHA256
300fe6224578b1254a43444f7e1783dd608a6c065d4e6089e7560e719fc787b2
-
SHA512
d316ca31d4d611a58efc90cde5eb853fe7ccf0b2ba3fb6f28dc8e7918950afb5e30bb9ff66c6262575eb3fa86436b3764257e20c670e0437c7e5935b038d1028
-
SSDEEP
98304:cc/EcTroA9F73s7dPrMO2jcDrpbDZx9b/n:0cTrXF7cy9cDFJvn
Malware Config
Targets
-
-
Target
About.chm
-
Size
9KB
-
MD5
ce019bb7fbebc11af169ed3f165ae83e
-
SHA1
56d309fe66614b110cff0fb9b445943b0d0158e3
-
SHA256
321d8125b5b7c0b17d47250a9745a477df1094994992171510c5a308a116cf9d
-
SHA512
390370d15ffd04c8712ee74cfafad2b69d92fea6feb35aefcb5b00add1682b0d59b7c239ced8e7ab160c3a4aa43b781fed366b91b09a21c5f4275b3d5b9be321
-
SSDEEP
48:CS1QOl0EQRlEFlErlElN5s/wWbQa9jWavVLYHNKkQOFK5HPW/e0:CS1QQZR8Rt0Nk/5vW/
Score10/10-
Kinsing
Kinsing is a loader written in Golang.
-
-
-
Target
Setup_s34.exe
-
Size
81KB
-
MD5
790d506cbf467ed499fcb03d311e405e
-
SHA1
2d4c2a6f8b11498f736b8432cf016c98fbd45a1b
-
SHA256
236f71b0e60e1025c1bfb7ee85b7c156a81428427eeb04d215ed265e2a3d01a5
-
SHA512
210e080c7cfccf7e3511bbc9128e25a2e87200cb2deb5cf4924d7f47fcd2bf9c6a83a819d1a23116126fee323978aabc1db5d4a10d324b9643627f601d0a8d42
-
SSDEEP
1536:sm0D+h7JiBvgGeRT9ZSdNoRJP5gk8WmSAybU7JfjOagXdLLWPBVJCK2PKKkYM5M0:oD+JYBIzT9ZwNoRJPB8uAd7AafnhVX51
Score10/10-
Kinsing
Kinsing is a loader written in Golang.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
-
-
Target
baid.dll
-
Size
227KB
-
MD5
b0af6e16283c6a34400c6859e35b236d
-
SHA1
d114c3a26e79b11facbeb42b8cea528bc903aaa5
-
SHA256
2f765008ab3b84766ac87b1e508ed5ae0c421c21fd5a74d5070bda0cf1502810
-
SHA512
51cce66b80cc73c339295988a38b6b678285192417189533e8afe1f8dfe66430ad7496fef0dbb76e1b240831fbe63767b8f0180edef9aa7c4e2a16d4c053273a
-
SSDEEP
6144:Bu3dwQ0I2XyxnAy0SN41nv2DiJXBfWjNs6sm0P65:kN3qY4h2DiXdWRbszS5
Score10/10-
Kinsing
Kinsing is a loader written in Golang.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
-
-
Target
bind_8152.exe
-
Size
48KB
-
MD5
3764b69cba97fc72e79b293db85805da
-
SHA1
4a90aeb55276c571880251ef37b344a2ae68e702
-
SHA256
28acf11675da22778790dc492bf9f75a6db36ca3c125b3cee47cbfb0677192a4
-
SHA512
08f3ab8ef193c2b6efa304743d8a75b4b25babc2684e0dff9323e779f6353acdaba9a42af835132e37590511067d901b13306d5645155eec29b0f9051cb10f06
-
SSDEEP
1536:fPgXwpm4RmzZwCnUF2ICqdkJI6cbHDhyb8G:fPgXLdqF2fqdkJIhnO8G
Score10/10-
Kinsing
Kinsing is a loader written in Golang.
-
Loads dropped DLL
-
-
-
Target
duisc.dll
-
Size
262KB
-
MD5
28199122b75f244cd44d2dfc0107dc03
-
SHA1
5a8b0ad0cdd4864d421916f5034a6913035750c1
-
SHA256
a345cbd37c52c9926d789826a82f1d1a17986d1833e21ffc97afed70e1a0a4e1
-
SHA512
331755f64a8d41332e59787b628f26c526340bc73eb7acbecf1fe6ac461710d6b97fa524556ac53a23118f2e0f4649659701ca018d47e9749c3901c2f71aebe5
-
SSDEEP
3072:XHYR8jkJ5y+wLjOKWeKI9hyqfDydmfPmbAT2V1p9p7/Wg8gV6tZy4co28kd+06bb:oEXueBjyAGkqV1pPWVw4BEe5uqmGv
Score10/10-
Kinsing
Kinsing is a loader written in Golang.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory
-
-
-
Target
edmtd.dll
-
Size
68KB
-
MD5
206bdf1db7e2ffe38950ac59aaa20ea1
-
SHA1
43a814f9093e9c58c3ae285bdd2cd511f5435012
-
SHA256
3b7cd3479ddf35d5d803a14db014a6e7a1748afc8574e95b38e72990245fb473
-
SHA512
a5a141801a33c5e3bbfb02a0153457a480bee35706c3f5598e5509c958424b058d5934eaeb6f4dbfa0a624f2f5f387af6bbd54f726f1ae1641e98b344f9f933c
-
SSDEEP
1536:e3EAK3nQW/XNrcvkN4koAhdqp+e6ulcIgsuN9mB:HtnQW/XokN4koAhdq1cFsKmB
Score10/10-
Kinsing
Kinsing is a loader written in Golang.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
itadx.exe
-
Size
649KB
-
MD5
5e39f718790c8ab61b5fda0607ab046b
-
SHA1
be58a7d81bec145e61b291b9ba07d153b17fdb1d
-
SHA256
40a4758940e1bce888e96d4aa27c24032805a41700d5a0af5bddc174e247c683
-
SHA512
f08366a667eff30a3cb95f5ce37b712c55cbd251449eed0db24fee39f1a412d4924371db7444478fee7d5ee56a1835f5165bd2772fe7a97d3d94d1d96feed67e
-
SSDEEP
12288:L2qoY5sffWpiTHkfRvEwhc5Yh9gH1NcMRoNvia9N0HFW+DgnhLvLQ9WVB57:1GA0HkpvEwh2Yng8MRoAcCfghLLQ9OBV
Score10/10-
Kinsing
Kinsing is a loader written in Golang.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
ly2_03.exe
-
Size
220KB
-
MD5
e3562b5847e33d08be4ae083aed5c54b
-
SHA1
c45e91c23b4b312f438d0f08937f4bd77db0263d
-
SHA256
492d443d016eed1be36977c7dd148a2bddc62b6f6a04623e1b74578ac00181b9
-
SHA512
fc97747c0a19f8d4810a7b6116cff37ac3d49bd65fe1bd89f6c366e7b35c66da71638cc010f5d4e8558d7d308551a65f899d50e142b196369c18f88d0a9be4d1
-
SSDEEP
1536:XmcjI6qnGJWh7jtCY4d/2uXAEaTKKNZuYfoIRSPVOklNmUSxxbZl99JF:XHGnGAl5id+kQfJoIOVOklNmUSxx
Score10/10-
Kinsing
Kinsing is a loader written in Golang.
-
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
pcast.dll
-
Size
542KB
-
MD5
dad4aede2fd849808e65c571c3bac6d9
-
SHA1
f070fe992379247e50105cae1a418d7e0e898876
-
SHA256
ff2a609b9fa369dc77d410b56fd3f0f16758aad6c3c21702e325cc5a2d133c9a
-
SHA512
7eff93e06144857e8633023c7c0a8f84adf06aa412b56c41d9a42f1d0e9e93d356898629930b6d01d4807153a39afda57e4034f19a04b2b754e922171e191a8f
-
SSDEEP
12288:SKoFAyW66UYsvrVN4ARGMJhBworlrHzC10K8+TqPE3l8OQxD:noFAM7oAlhB7r5TCSj+OPM8OqD
Score10/10-
Kinsing
Kinsing is a loader written in Golang.
-
Modifies firewall policy service
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
pingtu12.EXE
-
Size
682KB
-
MD5
f5ef2103157f29abce4d8ef8a7cd4f0f
-
SHA1
d734722aba0defb08ad6b3d8d591d27e52e94a45
-
SHA256
2ea482e3d7164e220d53f2cac1aba72f220f4115813e42f83fd5ae18d437109d
-
SHA512
3f513b16c56d7e65cb9c5751dc7858603f07c284ab763174286354c0eab42d8e9340121ab314bd4301e657562f97cc9796568c9a7bb21e68a01227fae13ae1ea
-
SSDEEP
12288:/QKN6IRqG8/4CepHagrYYooT3MHsRBAb4eY0YM5A2mN9ZzUJ4ZUBc:/JRf8/4C/gria6ss4V1M5AXN9k
Score10/10-
Kinsing
Kinsing is a loader written in Golang.
-
-
-
Target
qqa02_u88setup.exe
-
Size
52KB
-
MD5
12c1ff63ec91a8171528a56d4d4c2b8a
-
SHA1
9001f9552a7fede019c2c442e1db7f6e8646bc95
-
SHA256
684e89322a208eac8469d6c2bc6d359dcd9d3f9ce256f336fe5bfbdb944bb2c4
-
SHA512
ab3a0e108a1ca87b8c1e629c7f6a8c415b98e8fe5f6a64d7a32d95b524b04e016ae850efe4715e063a047abd347925ef0e9c63c746ccbd151107131e0fbc5633
-
SSDEEP
768:qBzvOHcki1zN3Vl5g/zg70md3fAvTcNvQ+cAnviOPaWyRI5VvCzfaXhWIQsNi:6vpkivUxmd3fuXu5yWyW5RBXb
Score10/10-
Kinsing
Kinsing is a loader written in Golang.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
sdcnc.dll
-
Size
392KB
-
MD5
398f96444139b43b35d6289bb0776f72
-
SHA1
ab438b20f0bce00fbc8c3aea1005081afff5aa20
-
SHA256
ae4a369f277bddbd6e96c0c7eec9e98bb9e64f45c214431aa3b468736cd37adf
-
SHA512
91517038e8648c9b2ad6d71522dc8c27adbe4b495722a0ec43b9e3518eb6636e960678357ac1980d10f29cebaac43617bb6b2a87fea29f11beb02862cb89142c
-
SSDEEP
6144:BhJRTGEOMeCIlCa3trysCiTk/4i/HaYrriK4akAIyXY4br+vUmZrSc0OsgS3n:BtSCc0wkwivaOriK4azIyXvgaGSX
Score10/10-
Kinsing
Kinsing is a loader written in Golang.
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory
-
-
-
Target
sdpig.dll
-
Size
125KB
-
MD5
1c0356a4d34f36e2ee3cba5ab3aaabd8
-
SHA1
13c218d5205bcd2d0b244278787629d6f4ee842e
-
SHA256
df8fc44f5b858f79a9cc033b6245e88aa829f057ad077aa379ada32dd4889434
-
SHA512
fb098eb6ed3dde834247eab7af2a5cb1644fdeaa5030e44d80d37dc898145925f4162a836499619d46bbf44fbe9a97d902f1aa69e30b1f3ee7c8fe44c30198ef
-
SSDEEP
3072:8sv1gkIVWIkWdn4V/nfQWIjfJ1AZDHuEz3BHG0x+:UhWJWd4UjR+ROEz
Score10/10-
Kinsing
Kinsing is a loader written in Golang.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
sdreg.exe
-
Size
76KB
-
MD5
129b59d607de4d7a98220247ebf334db
-
SHA1
34d1608670d7128abf2813e5815f61c165a1c7a9
-
SHA256
2e860b5e17b5af4b3cd5913117f29bf68cdec43681c5c54a0d25d3066559c2bd
-
SHA512
5c2e200aa9c6de7e60ff84bca57695e27b082374c88cd06f04c617464bedd60816d400fada2f9adf92ffaecc64f2d64ebc87b7830a3d4308ccb35152499c1b48
-
SSDEEP
1536:C79/0G5Nj38T29AmRe1sLtb0JDck+GhaWqzss:Ch7NKf1sLtAJgk+G8ws
Score10/10-
Kinsing
Kinsing is a loader written in Golang.
-
-
-
Target
sdset.exe
-
Size
151KB
-
MD5
3b2dd1df009c0c3af033244bf25bdcab
-
SHA1
80967024aac1030cc5d1d3090fcf960541f49307
-
SHA256
42458c56c75dfe69aa1f109af0fa4aadcad1b2b9a09573d5a7de1d59f27359d6
-
SHA512
6615be9ba9ca4afc4caa466e71a7c62a3d99e244be27ccc8342f0589acfe5dbe41340b4b5d5654c748b254908a528cbfc52911ad337ef7cd14b69ffb7dbe02fb
-
SSDEEP
3072:LFPFjfDhOQ8+he6tVfWqFhnZgW+YI9UdxJWpLGIn40ZBoctjFTqneqPE7k:LJNFO8e2WqfZgrWCjt0ctpmnBP6k
Score10/10-
Kinsing
Kinsing is a loader written in Golang.
-
Modifies firewall policy service
-
Blocklisted process makes network request
-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Sets service image path in registry
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
-
-
Target
sogoutb_setup_pp365sosoft08mini.exe
-
Size
278KB
-
MD5
92b357a9f68dfa0258054e456abbc7d9
-
SHA1
c73faf7d44f0ffc916822d6f5f31b2c83805a46a
-
SHA256
c131b74cb45585d0cd4fceee3ac98f7a0a5ac1679da9f38e6723d8915ea5ae26
-
SHA512
06330dc13a4ebcb6d0560ca81c53767e36a79d4f43be18d0175d201fd4c866d4f856b7afcedac30f1516717427f02c5633ebeac1a94a96ab7da02d4ec3ffce52
-
SSDEEP
6144:fPC9FFCLep04dvAg3BF0N0xi2Gm09w+uTK4wai/KmgHxaoHjgOA:XC/uemsVLOWnGeVmcagMOA
Score10/10-
Kinsing
Kinsing is a loader written in Golang.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Browser Extensions
1Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1