General
-
Target
7517b3ed01832320fb7f8e57a004920a
-
Size
500KB
-
Sample
240125-v1t3labfd6
-
MD5
7517b3ed01832320fb7f8e57a004920a
-
SHA1
38b4080ea05488c8362a25d8c96a854ea09b4ef0
-
SHA256
6612cd94e27c123c6cf45d11fd8118db3f69ea70af05eaa4aabc0ecb9292a269
-
SHA512
84929987f2dd8c165f851d6c69b94ab627c311de63f4b98ec0b1bcd5a810e52f829f14bf89a64fac31fdfc96d7980a4c5fc001588d3d6d6a33891d8552544bd4
-
SSDEEP
6144:BsiIyFVm9E221FHqdA/bZDWZuj3Dvvbj6nq9ECLmYQYQBSNnw5o7NwFFXCYSAl:jIyFA9E221YBZQ3DAtC9NLpfSFFXPSm
Malware Config
Targets
-
-
Target
7517b3ed01832320fb7f8e57a004920a
-
Size
500KB
-
MD5
7517b3ed01832320fb7f8e57a004920a
-
SHA1
38b4080ea05488c8362a25d8c96a854ea09b4ef0
-
SHA256
6612cd94e27c123c6cf45d11fd8118db3f69ea70af05eaa4aabc0ecb9292a269
-
SHA512
84929987f2dd8c165f851d6c69b94ab627c311de63f4b98ec0b1bcd5a810e52f829f14bf89a64fac31fdfc96d7980a4c5fc001588d3d6d6a33891d8552544bd4
-
SSDEEP
6144:BsiIyFVm9E221FHqdA/bZDWZuj3Dvvbj6nq9ECLmYQYQBSNnw5o7NwFFXCYSAl:jIyFA9E221YBZQ3DAtC9NLpfSFFXPSm
Score10/10-
Kinsing
Kinsing is a loader written in Golang.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1