General

  • Target

    2024-01-25_ea1c97d4a55233587d16fea3d2118c22_cryptolocker

  • Size

    38KB

  • Sample

    240125-v86rcscggk

  • MD5

    ea1c97d4a55233587d16fea3d2118c22

  • SHA1

    c268a4b78ff6bc5f9b59729d0351c4c973b3db52

  • SHA256

    3e6b5e3b5e794c5ed3fac5bf9fb824072730bf7e6816432132088386f186a3b3

  • SHA512

    cd12ca2537e37dda3d48d34b3b807139bffb612f2232469baf0819989e81102291ad52b097f3ec4068d282059f9a8f431602123b59720b7058af771c00a8dc62

  • SSDEEP

    384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznHzl6AJvDSuYlxu2x:b/yC4GyNM01GuQMNXw2PSjHPbSuYl3

Targets

    • Kinsing

      Kinsing is a loader written in Golang.

    • Detection of CryptoLocker Variants

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.
