kinsing | 48a1c1598c22ac9cc542a860bca6a36b1a17bbbad7fdbd67f009eeb897ed1990 | Triage

Sharing

General

Target

75016c7b700abe6cba6192b6c8f28023
Size

162KB
Sample

240125-vagpksahh8
MD5

75016c7b700abe6cba6192b6c8f28023
SHA1

c5521cdde5c8d92d82ee8f65b37dbe0358774cff
SHA256

48a1c1598c22ac9cc542a860bca6a36b1a17bbbad7fdbd67f009eeb897ed1990
SHA512

6bbe0ba7e33b5234fa78040bd44986cad5266d58798722ca4352ef8281e5d796674b8e596bab075d4a4cc17334b4269f1d143f86ee9e36a05760ed8a63953eed
SSDEEP

3072:rUMvX9XPrDLGo2XddB6DUHiNbEpvQTes8eHxjnkeLJIyMv56wy:rUM/9XPrDKo2zUlBEpzmxjnpLJaQ5

Score

10^/10

kinsing adware loader persistence stealer

Malware Config

Targets

- Target
  
  75016c7b700abe6cba6192b6c8f28023
- Size
  
  162KB
- MD5
  
  75016c7b700abe6cba6192b6c8f28023
- SHA1
  
  c5521cdde5c8d92d82ee8f65b37dbe0358774cff
- SHA256
  
  48a1c1598c22ac9cc542a860bca6a36b1a17bbbad7fdbd67f009eeb897ed1990
- SHA512
  
  6bbe0ba7e33b5234fa78040bd44986cad5266d58798722ca4352ef8281e5d796674b8e596bab075d4a4cc17334b4269f1d143f86ee9e36a05760ed8a63953eed
- SSDEEP
  
  3072:rUMvX9XPrDLGo2XddB6DUHiNbEpvQTes8eHxjnkeLJIyMv56wy:rUM/9XPrDKo2zUlBEpzmxjnpLJaQ5
Score

10^/10

adware persistence stealer kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealer

behavioral2

kinsingadwareloaderpersistencestealer