kinsing | 3caa0329ccc10b15195ad2cc9eca48c78d053ce85be71262721a8d0a6b2a1953 | Triage

Sharing

General

Target

2024-01-25_bc8d787dd7e65b0f128d8282b842aff9_cryptolocker
Size

31KB
Sample

240125-v63xpacgbk
MD5

bc8d787dd7e65b0f128d8282b842aff9
SHA1

13e89ec190da1f31b2c7a35d2f3791f08cc17a17
SHA256

3caa0329ccc10b15195ad2cc9eca48c78d053ce85be71262721a8d0a6b2a1953
SHA512

4c52a86e3cca8583ac727c08e6ffb4255f94c256b2427666ce0a272bbc82ca96296ff008bd60d0a6e6ea873327f7b5c1adf4a1043113e0b1e7d6a63b27bee5eb
SSDEEP

384:bAvMaNGh4z7CG3POOvbRSLoF/F0QU5XYFnufc/zzo6cuM932:bAvJCYOOvbRPDEgXRcuM9m

Score

10^/10

kinsing loader

Malware Config

Targets

- Target
  
  2024-01-25_bc8d787dd7e65b0f128d8282b842aff9_cryptolocker
- Size
  
  31KB
- MD5
  
  bc8d787dd7e65b0f128d8282b842aff9
- SHA1
  
  13e89ec190da1f31b2c7a35d2f3791f08cc17a17
- SHA256
  
  3caa0329ccc10b15195ad2cc9eca48c78d053ce85be71262721a8d0a6b2a1953
- SHA512
  
  4c52a86e3cca8583ac727c08e6ffb4255f94c256b2427666ce0a272bbc82ca96296ff008bd60d0a6e6ea873327f7b5c1adf4a1043113e0b1e7d6a63b27bee5eb
- SSDEEP
  
  384:bAvMaNGh4z7CG3POOvbRSLoF/F0QU5XYFnufc/zzo6cuM932:bAvJCYOOvbRPDEgXRcuM9m
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Detection of CryptoLocker Variants
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2