kinsing | 94354463bfa6788e255cd863e16920c969413b9f11e6169a07a4627a76db2c21 | Triage

Sharing

General

Target

2024-01-25_57cc69f1531d6e9e59bb86b507d25142_mafia_nionspy
Size

288KB
Sample

240125-v2c6gacefk
MD5

57cc69f1531d6e9e59bb86b507d25142
SHA1

dc74f73576ab35d7109021402df9958edcc68f63
SHA256

94354463bfa6788e255cd863e16920c969413b9f11e6169a07a4627a76db2c21
SHA512

c0fce2ce65456f8f8d590db133ccaa7f95f65b71bc6db1d4851c007e89b881522de5decb5483755167c97c412c129d72abdbf21c3bafa913d4bd5232ecff7287
SSDEEP

6144:9Q+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:9QMyfmNFHfnWfhLZVHmOog

Score

10^/10

kinsing loader

Malware Config

Targets

- Target
  
  2024-01-25_57cc69f1531d6e9e59bb86b507d25142_mafia_nionspy
- Size
  
  288KB
- MD5
  
  57cc69f1531d6e9e59bb86b507d25142
- SHA1
  
  dc74f73576ab35d7109021402df9958edcc68f63
- SHA256
  
  94354463bfa6788e255cd863e16920c969413b9f11e6169a07a4627a76db2c21
- SHA512
  
  c0fce2ce65456f8f8d590db133ccaa7f95f65b71bc6db1d4851c007e89b881522de5decb5483755167c97c412c129d72abdbf21c3bafa913d4bd5232ecff7287
- SSDEEP
  
  6144:9Q+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:9QMyfmNFHfnWfhLZVHmOog
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2