kinsing | 3581e0be4c1e8248b9a2533eb77f00ff2aa0736499dc7cdc84679035dd4476b8 | Triage

Sharing

General

Target

751b303b3923e73425d72689f2241bdd
Size

48KB
Sample

240125-v5gcascffp
MD5

751b303b3923e73425d72689f2241bdd
SHA1

6cab0f37374ef05634ac4110f7382628cd5a7283
SHA256

3581e0be4c1e8248b9a2533eb77f00ff2aa0736499dc7cdc84679035dd4476b8
SHA512

9dde8567744afb7aee941b570b3dc868310101c330ca3aa7ea711d8bdadbd1fd77ad696510c3bbaabfee9e9c21438417f3fe163fb0a4d435775e22cb4189671b
SSDEEP

768:4puk4x0JxJ137DEJRuJI8+8V4abjEjahVV9E062JLLCEnX:yZ4x0JxfDEvuC8KabjEjahVV9E1Li

Score

10^/10

kinsing evasion loader persistence

Malware Config

Targets

- Target
  
  751b303b3923e73425d72689f2241bdd
- Size
  
  48KB
- MD5
  
  751b303b3923e73425d72689f2241bdd
- SHA1
  
  6cab0f37374ef05634ac4110f7382628cd5a7283
- SHA256
  
  3581e0be4c1e8248b9a2533eb77f00ff2aa0736499dc7cdc84679035dd4476b8
- SHA512
  
  9dde8567744afb7aee941b570b3dc868310101c330ca3aa7ea711d8bdadbd1fd77ad696510c3bbaabfee9e9c21438417f3fe163fb0a4d435775e22cb4189671b
- SSDEEP
  
  768:4puk4x0JxJ137DEJRuJI8+8V4abjEjahVV9E062JLLCEnX:yZ4x0JxfDEvuC8KabjEjahVV9E1Li
Score

10^/10

evasion persistence kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2