kinsing | fbbb7e6ce8d8e953b50c365115df1b31a4efc1272b2fb4b5b43f43b3767029c7 | Triage

Sharing

General

Target

75067eb32bed5ff61f5047abac91503e
Size

907KB
Sample

240125-vfr3habba9
MD5

75067eb32bed5ff61f5047abac91503e
SHA1

e9622610ed6979fc9a56d4d967e12818e1cebc5d
SHA256

fbbb7e6ce8d8e953b50c365115df1b31a4efc1272b2fb4b5b43f43b3767029c7
SHA512

b9d8a768fe4ffcbacaf5192ec40dcc29b1fa664c0d52740991dd30f7fa94a662e4fbfcb996751d392f90922a9813be2b1693254e26bcd85d2da294103751e9ea
SSDEEP

12288:+vhnDFtRJb7N94vcL8V/u8IlaWKZzof4k6ekxcByv0WdGXl2fjVDa/ZS1:ytRR4vckupYWo7k6U40WdGXl2Na/ZS1

Score

10^/10

kinsing loader

Malware Config

Targets

- Target
  
  75067eb32bed5ff61f5047abac91503e
- Size
  
  907KB
- MD5
  
  75067eb32bed5ff61f5047abac91503e
- SHA1
  
  e9622610ed6979fc9a56d4d967e12818e1cebc5d
- SHA256
  
  fbbb7e6ce8d8e953b50c365115df1b31a4efc1272b2fb4b5b43f43b3767029c7
- SHA512
  
  b9d8a768fe4ffcbacaf5192ec40dcc29b1fa664c0d52740991dd30f7fa94a662e4fbfcb996751d392f90922a9813be2b1693254e26bcd85d2da294103751e9ea
- SSDEEP
  
  12288:+vhnDFtRJb7N94vcL8V/u8IlaWKZzof4k6ekxcByv0WdGXl2fjVDa/ZS1:ytRR4vckupYWo7k6U40WdGXl2Na/ZS1
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2