kinsing | 17f59059ae0e742931a9d320e3a42c0237fc224b64eec4d653d3b5fa255d5d59 | Triage

Submit
Reports

Overview

overview

Static

static

7

750fc1e956...96.exe

windows7-x64

7

750fc1e956...96.exe

windows10-2004-x64

Sharing

General

Target

750fc1e9564d60b5c828375a9fc3ad96
Size

133KB
Sample

240125-vq696sccdp
MD5

750fc1e9564d60b5c828375a9fc3ad96
SHA1

53283f0e09c78f995f5dd99a12988fb23f4cbf54
SHA256

17f59059ae0e742931a9d320e3a42c0237fc224b64eec4d653d3b5fa255d5d59
SHA512

0c377a519ed8c19d96412a6ee6efc7c9da9919776fef20d848b1cd5b59d2aaf0e167d9b814479992c95cab3c5802917a2d27eececefbf2f6ff59abf2875ad1d1
SSDEEP

1536:SKcR4mjD9r823FGHiTsNmkYAuiaT3EPGV6TFvTZBUPBn9zqwd6qbjFQ4veUx3Nw6:SKcWmjRrz39wNmnYB1KPNR7BPwscAvX

Score

10^/10

kinsing loader persistence spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

750fc1e9564d60b5c828375a9fc3ad96.exe

Resource

win7-20231215-en

persistence spyware stealer upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

750fc1e9564d60b5c828375a9fc3ad96.exe

Resource

win10v2004-20231222-en

kinsing loader persistence spyware stealer upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  750fc1e9564d60b5c828375a9fc3ad96
- Size
  
  133KB
- MD5
  
  750fc1e9564d60b5c828375a9fc3ad96
- SHA1
  
  53283f0e09c78f995f5dd99a12988fb23f4cbf54
- SHA256
  
  17f59059ae0e742931a9d320e3a42c0237fc224b64eec4d653d3b5fa255d5d59
- SHA512
  
  0c377a519ed8c19d96412a6ee6efc7c9da9919776fef20d848b1cd5b59d2aaf0e167d9b814479992c95cab3c5802917a2d27eececefbf2f6ff59abf2875ad1d1
- SSDEEP
  
  1536:SKcR4mjD9r823FGHiTsNmkYAuiaT3EPGV6TFvTZBUPBn9zqwd6qbjFQ4veUx3Nw6:SKcWmjRrz39wNmnYB1KPNR7BPwscAvX
Score

10^/10

persistence spyware stealer upx kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealerupx

behavioral2

kinsingloaderpersistencespywarestealerupx

© 2018-2024

Terms | Privacy