kinsing | 8ecba4b9ab5f639c8a3df5ad0856c6b83c96d2c937f2bd2af4fc71907852ccab | Triage

Sharing

General

Target

751ef59be3c954bc0af792f2d426138e
Size

358KB
Sample

240125-v9sacsbhe5
MD5

751ef59be3c954bc0af792f2d426138e
SHA1

a6631f30664a22c9dd5dd08cad96e3149c16adb3
SHA256

8ecba4b9ab5f639c8a3df5ad0856c6b83c96d2c937f2bd2af4fc71907852ccab
SHA512

2b21d28063717038f1ff424b1009841740316e50ee2a5fd7558ae300e84eac056b4a8c8b3fbcdf52bbb28b8a67cd8a5e2024c07a8affb201cb3c811ce14b86ca
SSDEEP

6144:/uMO+BlSNSvJA6yGjspnJJkwxNmm0PYct5xjg40WSXN5JKk3Sm9p5lTRDGrP02Zk:4WLvJeGwnXkdtlqWmf4kiObTlGbrk

Score

10^/10

kinsing loader persistence

Malware Config

Targets

- Target
  
  751ef59be3c954bc0af792f2d426138e
- Size
  
  358KB
- MD5
  
  751ef59be3c954bc0af792f2d426138e
- SHA1
  
  a6631f30664a22c9dd5dd08cad96e3149c16adb3
- SHA256
  
  8ecba4b9ab5f639c8a3df5ad0856c6b83c96d2c937f2bd2af4fc71907852ccab
- SHA512
  
  2b21d28063717038f1ff424b1009841740316e50ee2a5fd7558ae300e84eac056b4a8c8b3fbcdf52bbb28b8a67cd8a5e2024c07a8affb201cb3c811ce14b86ca
- SSDEEP
  
  6144:/uMO+BlSNSvJA6yGjspnJJkwxNmm0PYct5xjg40WSXN5JKk3Sm9p5lTRDGrP02Zk:4WLvJeGwnXkdtlqWmf4kiObTlGbrk
Score

10^/10

persistence kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2