Overview

overview

10

Static

static

10

2024-01-25...er.exe

windows7-x64

9

2024-01-25...er.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-01-25_a9d2346b879000d8683da1102604210e_cryptolocker

  • Size

    40KB

  • Sample

    240125-v5gcascffn

  • MD5

    a9d2346b879000d8683da1102604210e

  • SHA1

    ce453f13f3568629cf2463a9e97bde3c7f109021

  • SHA256

    9428e9731d6599a663b3e02e4baa2ad00d2f764653bb39abbd40fc486bbbbfb5

  • SHA512

    4fc97eeb25fa32dc9cd8e84fbf699f34459cf5543cff117486b6fe75925eda1d9c4790bec28073045e0c57fc66da03d578161d9fb20100083dec113b97fcfcc0

  • SSDEEP

    384:60VkMq01bJ3wtEwPS8HLEh+Jagz+3be+26aIIcVRYpetOOtEvwDpjqIGRmdHzOOo:6Qz7yVEhs9+4OR7tOOtEvwDpjLHqh6/G

Score
10/10
kinsingloader

Malware Config

Targets

    • Target

      2024-01-25_a9d2346b879000d8683da1102604210e_cryptolocker

    • Size

      40KB

    • MD5

      a9d2346b879000d8683da1102604210e

    • SHA1

      ce453f13f3568629cf2463a9e97bde3c7f109021

    • SHA256

      9428e9731d6599a663b3e02e4baa2ad00d2f764653bb39abbd40fc486bbbbfb5

    • SHA512

      4fc97eeb25fa32dc9cd8e84fbf699f34459cf5543cff117486b6fe75925eda1d9c4790bec28073045e0c57fc66da03d578161d9fb20100083dec113b97fcfcc0

    • SSDEEP

      384:60VkMq01bJ3wtEwPS8HLEh+Jagz+3be+26aIIcVRYpetOOtEvwDpjqIGRmdHzOOo:6Qz7yVEhs9+4OR7tOOtEvwDpjLHqh6/G

    Score
    10/10
    kinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Detection of CryptoLocker Variants

    • Detection of Cryptolocker Samples

    • Detects executables built or packed with MPress PE compressor

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks