Overview

overview

10

Static

static

3

2024-01-25...uk.exe

windows7-x64

7

2024-01-25...uk.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-01-25_de27529b17db2e2656778f67876900b6_ryuk

  • Size

    1.5MB

  • Sample

    240125-vkja6acahp

  • MD5

    de27529b17db2e2656778f67876900b6

  • SHA1

    aa3107ae1ccd629c57dd70298c1482a9edf858c4

  • SHA256

    635bbbe254e983f1181094d011d33b3961c53e99493ea65ebfcbcc3f1c52cd3c

  • SHA512

    5b1fa47ab30fafc431ffe33d26f4c69921d65421d6b347ba163461ac636d7dd67e98b4debfe22919d1e1e4e0ee599d1d7f6d95a7f5569ad9073dfaa52786ca2d

  • SSDEEP

    24576:kZ7+quEOtqZpp0YYtwlGhNsof2e7A+ebC:kZ7+xHmpSK8hWomh

Score
10/10
kinsingloaderspywarestealer

Malware Config

Targets

    • Target

      2024-01-25_de27529b17db2e2656778f67876900b6_ryuk

    • Size

      1.5MB

    • MD5

      de27529b17db2e2656778f67876900b6

    • SHA1

      aa3107ae1ccd629c57dd70298c1482a9edf858c4

    • SHA256

      635bbbe254e983f1181094d011d33b3961c53e99493ea65ebfcbcc3f1c52cd3c

    • SHA512

      5b1fa47ab30fafc431ffe33d26f4c69921d65421d6b347ba163461ac636d7dd67e98b4debfe22919d1e1e4e0ee599d1d7f6d95a7f5569ad9073dfaa52786ca2d

    • SSDEEP

      24576:kZ7+quEOtqZpp0YYtwlGhNsof2e7A+ebC:kZ7+xHmpSK8hWomh

    Score
    10/10
    spywarestealerkinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks