kinsing | 758cc614cae4a0b05a95a0cb48f42068182343493bf79d649df543679052a27f | Triage

Sharing

General

Target

75089e16fe0ebf70901eb5139f9d46cb
Size

1000KB
Sample

240125-vhzkcscaen
MD5

75089e16fe0ebf70901eb5139f9d46cb
SHA1

7c278d0e292ec51c7b99b45a46f064199881c6b8
SHA256

758cc614cae4a0b05a95a0cb48f42068182343493bf79d649df543679052a27f
SHA512

15e26f576fb667c81f557d6fd858ad8d74f4c97c724c7e7676b865f19b7559214b636de021208dbefda318ca4ed68c731bbf2f4ea801f7eba79496093a5baff3
SSDEEP

12288:Yoq68dj510dUY1E8wUwqAk0ed/Z6w7LQ/mQJ0EECaBwQ2tb5JLrnylUPqt0gHDSS:YotU5Uxn1AZege11B+5vMiqt0gj2ed

Score

10^/10

kinsing loader

Malware Config

Targets

- Target
  
  75089e16fe0ebf70901eb5139f9d46cb
- Size
  
  1000KB
- MD5
  
  75089e16fe0ebf70901eb5139f9d46cb
- SHA1
  
  7c278d0e292ec51c7b99b45a46f064199881c6b8
- SHA256
  
  758cc614cae4a0b05a95a0cb48f42068182343493bf79d649df543679052a27f
- SHA512
  
  15e26f576fb667c81f557d6fd858ad8d74f4c97c724c7e7676b865f19b7559214b636de021208dbefda318ca4ed68c731bbf2f4ea801f7eba79496093a5baff3
- SSDEEP
  
  12288:Yoq68dj510dUY1E8wUwqAk0ed/Z6w7LQ/mQJ0EECaBwQ2tb5JLrnylUPqt0gHDSS:YotU5Uxn1AZege11B+5vMiqt0gj2ed
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2