kinsing | bcf0a1cfc02d12c3d59d9bd3b40056eb2251cd6dfe617a4cee1d42ba35c7e0e6 | Triage

Sharing

General

Target

75023529b96bc14370a31b857ab370b3
Size

48KB
Sample

240125-vbh9ssbghk
MD5

75023529b96bc14370a31b857ab370b3
SHA1

88b5f8438bb53bc449251524ecf969a5290f45fb
SHA256

bcf0a1cfc02d12c3d59d9bd3b40056eb2251cd6dfe617a4cee1d42ba35c7e0e6
SHA512

dfb972f7d71ec5ec2886a5c7923a1d80e82e859464d4e2ee8a8490255dffb3d59642ec07e6e4f965d78e5b9c67cdff07a2c69e031c1e06c69c3e78afaf580340
SSDEEP

768:84IuN2nnYpZNyvJeoRagq8RszXK2GFokWCF:84IoCnYAJ9afZzxG2kWQ

Score

10^/10

kinsing loader persistence spyware stealer

Malware Config

Targets

- Target
  
  75023529b96bc14370a31b857ab370b3
- Size
  
  48KB
- MD5
  
  75023529b96bc14370a31b857ab370b3
- SHA1
  
  88b5f8438bb53bc449251524ecf969a5290f45fb
- SHA256
  
  bcf0a1cfc02d12c3d59d9bd3b40056eb2251cd6dfe617a4cee1d42ba35c7e0e6
- SHA512
  
  dfb972f7d71ec5ec2886a5c7923a1d80e82e859464d4e2ee8a8490255dffb3d59642ec07e6e4f965d78e5b9c67cdff07a2c69e031c1e06c69c3e78afaf580340
- SSDEEP
  
  768:84IuN2nnYpZNyvJeoRagq8RszXK2GFokWCF:84IoCnYAJ9afZzxG2kWQ
Score

10^/10

persistence spyware stealer kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

kinsingloaderpersistencespywarestealer