kinsing | 2724f3b0539c56d0e63c2f4af9a96ec16b8469ff1bf18e67035d5283619b2f3d | Triage

Sharing

General

Target

750b85baa48747ac878a18335738e0e8
Size

264KB
Sample

240125-vmbzvscbdk
MD5

750b85baa48747ac878a18335738e0e8
SHA1

c99f4871b5e57ca5d465ac164a844f21428f18ac
SHA256

2724f3b0539c56d0e63c2f4af9a96ec16b8469ff1bf18e67035d5283619b2f3d
SHA512

e5945c5a1887eb96363882ea17e23aa70f83ac273c7d5d9bdb111db787e3b4d76757182f6455689a3b53ea908491f1d812571f21ee38a25447cf4ed8ca8780e7
SSDEEP

3072:1qli58fVgw9rFxEY7gQzBMqbGQ1v8hQqB+I7pvKboaksHECrIn:B8fGw9UY7gWyQqB+I7A07sHEiIn

Score

10^/10

kinsing evasion loader spyware stealer trojan

Malware Config

Targets

- Target
  
  750b85baa48747ac878a18335738e0e8
- Size
  
  264KB
- MD5
  
  750b85baa48747ac878a18335738e0e8
- SHA1
  
  c99f4871b5e57ca5d465ac164a844f21428f18ac
- SHA256
  
  2724f3b0539c56d0e63c2f4af9a96ec16b8469ff1bf18e67035d5283619b2f3d
- SHA512
  
  e5945c5a1887eb96363882ea17e23aa70f83ac273c7d5d9bdb111db787e3b4d76757182f6455689a3b53ea908491f1d812571f21ee38a25447cf4ed8ca8780e7
- SSDEEP
  
  3072:1qli58fVgw9rFxEY7gQzBMqbGQ1v8hQqB+I7pvKboaksHECrIn:B8fGw9UY7gWyQqB+I7A07sHEiIn
Score

10^/10

evasion spyware stealer trojan kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywarestealertrojan

behavioral2

kinsingevasionloaderspywarestealer