kinsing | 0439a8f2751ae3b3a084ff8df14257c8337815670ba1d07931a2de2fd36cdfcd | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-01-25...er.exe

windows7-x64

7

2024-01-25...er.exe

windows10-2004-x64

Sharing

General

Target

2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber
Size

5.5MB
Sample

240125-v5363abgf2
MD5

ae7b34e264e11f50cea8e45395ea6f02
SHA1

3f1aa1afb4573bba5e551dc082bd7292978c0096
SHA256

0439a8f2751ae3b3a084ff8df14257c8337815670ba1d07931a2de2fd36cdfcd
SHA512

e5c47e0a74552f69b3443afb501a36258b12293b503b09d3b0b5dd2a5545ed458ea99f1c80591fbba433cf9bf8c8426e15bc1af792570698e9e6f4abb62922e8
SSDEEP

98304:cpEEYEKdrL/LGgB32V/sosbjy79tJRPNXwY2heuDiD93YC:cpEPyS36/sXbjyDFWeuDIG

Score

10^/10

kinsing discovery loader spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe

Resource

win7-20231129-en

discovery spyware stealer

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe

Resource

win10v2004-20231222-en

kinsing discovery loader spyware stealer

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber
- Size
  
  5.5MB
- MD5
  
  ae7b34e264e11f50cea8e45395ea6f02
- SHA1
  
  3f1aa1afb4573bba5e551dc082bd7292978c0096
- SHA256
  
  0439a8f2751ae3b3a084ff8df14257c8337815670ba1d07931a2de2fd36cdfcd
- SHA512
  
  e5c47e0a74552f69b3443afb501a36258b12293b503b09d3b0b5dd2a5545ed458ea99f1c80591fbba433cf9bf8c8426e15bc1af792570698e9e6f4abb62922e8
- SSDEEP
  
  98304:cpEEYEKdrL/LGgB32V/sosbjy79tJRPNXwY2heuDiD93YC:cpEPyS36/sXbjyDFWeuDIG
Score

10^/10

discovery spyware stealer kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

kinsingdiscoveryloaderspywarestealer

© 2018-2024

Terms | Privacy