kinsing | 8717bb2b1111bfb5bbbfe63c6f6861128cb9e098596b0cbce84d3a1fbede87ca | Triage

Sharing

General

Target

Focktron_Softwares.rar
Size

9.9MB
Sample

240125-vg754scadk
MD5

80d5d326a83eacddd0bb865adcf321c3
SHA1

9b53a4c252fe3186c05a99d70ed1874c646a4d7f
SHA256

8717bb2b1111bfb5bbbfe63c6f6861128cb9e098596b0cbce84d3a1fbede87ca
SHA512

2df02f3f63a426d8e093c7f51059c8e4a84b6408d001a0a6ca08ce822272330ff52cea2de1385d35d2186d84ab9b0d1a698cbf1fac484465b33e0e58b6449899
SSDEEP

196608:hsMKJLmOGA17s1suHShvJ9JKxriBLCUy6jBNHovt1wgQwn4PonFuyV8Hy:hMJLmJeuyhh9JKxulCUe1LRFXVEy

Score

10^/10

kinsing loader persistence

Malware Config

Targets

- Target
  
  Focktron_Softwares.rar
- Size
  
  9.9MB
- MD5
  
  80d5d326a83eacddd0bb865adcf321c3
- SHA1
  
  9b53a4c252fe3186c05a99d70ed1874c646a4d7f
- SHA256
  
  8717bb2b1111bfb5bbbfe63c6f6861128cb9e098596b0cbce84d3a1fbede87ca
- SHA512
  
  2df02f3f63a426d8e093c7f51059c8e4a84b6408d001a0a6ca08ce822272330ff52cea2de1385d35d2186d84ab9b0d1a698cbf1fac484465b33e0e58b6449899
- SSDEEP
  
  196608:hsMKJLmOGA17s1suHShvJ9JKxriBLCUy6jBNHovt1wgQwn4PonFuyV8Hy:hMJLmJeuyhh9JKxulCUe1LRFXVEy
Score

10^/10

kinsing loader persistence
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1
- Target
  
  Foxtron Softcares.exe
- Size
  
  10.8MB
- MD5
  
  acc4764c0082beb63990cddd9056fbbd
- SHA1
  
  f5a6c809da9b618aae57f223bb2bef0d2829497e
- SHA256
  
  160faa45903091e754d7fedf4ec11bbb43a2363ef355ae3618127b9ec18e4a49
- SHA512
  
  2744038a963ec51be53e9bf5471a9f4dcc0eaab9fa7ccbfcf0d714d5e41293c37e0571840bff74d0b5098291fe61e352f227c9a1d4fec9e6f098903d85fc6b1d
- SSDEEP
  
  196608:hXm+BbTNUYabTmPToq0Hy2BPZNUUMCrEeRqNjfSrv1gJ4Cscp8zN+zxz:hXm+B3Ii7oq0XtvMCom8jKr9gJ4CsSKk
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
behavioral2
- Target
  
  driver.sys
- Size
  
  12KB
- MD5
  
  d4341e8e632fa8abd38c185ebc32f786
- SHA1
  
  0589c10a32382dfac763246d9c764be9cce786a4
- SHA256
  
  31acd86e42bd31761cb1d58e1c7bcb7fe1bc21f4375b09ce41fe2146446534ce
- SHA512
  
  3516524e1559af1a8e936b69b61348515ef0d76d7933aa7a8df6bac9eec9a775749aa29be6f9f214d2e389cfb450d1abb2cdb78f1eb2610704f482f38ace205f
- SSDEEP
  
  192:x0kbhXPEcIHTDbMVfO9kNueYSYcHeg4puad:CktXcHjcW7S5+gC
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
behavioral3
- Target
  
  kdmapper.exe
- Size
  
  133KB
- MD5
  
  4da5a13241127d25bc89259af79d45a9
- SHA1
  
  32b53261f437aed23a6bb5799bfda0da2d5cc138
- SHA256
  
  ad1c5a790ad8d050aa293a25edcf6587da716ac13af096b6f3b7326f4d1ffe36
- SHA512
  
  a4dd3cc057a47d6c9a1f94178a42b78780e42f4e41be7e681e8983a129e02c139b13db65d2bb7c03a20bc58014eab4cca2ac5904233ca57881ecc657d9d550cd
- SSDEEP
  
  3072:VHrwQxRTBJRSjodLw3NTv0WszGromJTQSaMm5/6wZ1S:VLwQxRTzRldLyvHbnWlY
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

kinsingloaderpersistence

behavioral2

behavioral3

behavioral4