kinsing | b484d80a99b9fcd1f060955d2ee645c2a3ad04ad7c51f29121ba28b21e524557 | Triage

Sharing

General

Target

751abbc5a0f05d1b820100cb82287e01
Size

3.3MB
Sample

240125-v4xb5abgc7
MD5

751abbc5a0f05d1b820100cb82287e01
SHA1

6ca1803f032645ccadee25198bc6426e7699def9
SHA256

b484d80a99b9fcd1f060955d2ee645c2a3ad04ad7c51f29121ba28b21e524557
SHA512

1634e4a48d4cefade4c2e39669ff2805ec98993976651562ad5541ee187ae0d19f931de9963a5a43984633b7ebcbdfd33c1c84e757b879ae50fcdddc36625372
SSDEEP

98304:leo85rX27B2nUTRUDMVHiJy5ORUxkye6BRWLyDlb:lZHdaeUII8OYR

Score

10^/10

kinsing evasion loader persistence

Malware Config

Targets

- Target
  
  751abbc5a0f05d1b820100cb82287e01
- Size
  
  3.3MB
- MD5
  
  751abbc5a0f05d1b820100cb82287e01
- SHA1
  
  6ca1803f032645ccadee25198bc6426e7699def9
- SHA256
  
  b484d80a99b9fcd1f060955d2ee645c2a3ad04ad7c51f29121ba28b21e524557
- SHA512
  
  1634e4a48d4cefade4c2e39669ff2805ec98993976651562ad5541ee187ae0d19f931de9963a5a43984633b7ebcbdfd33c1c84e757b879ae50fcdddc36625372
- SSDEEP
  
  98304:leo85rX27B2nUTRUDMVHiJy5ORUxkye6BRWLyDlb:lZHdaeUII8OYR
Score

10^/10

evasion persistence kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

kinsingevasionloaderpersistence