kinsing | 7a2bec75af5d5c26bda8adb23f5b343a562d519ef6768122703b0944f88dde87 | Triage

Sharing

General

Target

7510cc8e71f8cdfc4a2c76d55e674ecc
Size

323KB
Sample

240125-vr54haccfq
MD5

7510cc8e71f8cdfc4a2c76d55e674ecc
SHA1

a0ac932cdb109513c260448195b76fef90a48a42
SHA256

7a2bec75af5d5c26bda8adb23f5b343a562d519ef6768122703b0944f88dde87
SHA512

444eb2513e85473647d53bb9681f10d2ff658ab2b3aab01b1abac2f0cb7c5532f69d0a84f6de21390c8dce2700be8e1b77de54cd2e208955daf28fffa1e0be4a
SSDEEP

768:X1hrEe3BN7m/kwQ2L3tvQvTvXk56NQ+Zf1zBmQzTGfmgyqCx:lhn3r7mfQGKvDXkgQGf1zwQVgvCx

Score

10^/10

kinsing loader persistence

Malware Config

Targets

- Target
  
  7510cc8e71f8cdfc4a2c76d55e674ecc
- Size
  
  323KB
- MD5
  
  7510cc8e71f8cdfc4a2c76d55e674ecc
- SHA1
  
  a0ac932cdb109513c260448195b76fef90a48a42
- SHA256
  
  7a2bec75af5d5c26bda8adb23f5b343a562d519ef6768122703b0944f88dde87
- SHA512
  
  444eb2513e85473647d53bb9681f10d2ff658ab2b3aab01b1abac2f0cb7c5532f69d0a84f6de21390c8dce2700be8e1b77de54cd2e208955daf28fffa1e0be4a
- SSDEEP
  
  768:X1hrEe3BN7m/kwQ2L3tvQvTvXk56NQ+Zf1zBmQzTGfmgyqCx:lhn3r7mfQGKvDXkgQGf1zwQVgvCx
Score

10^/10

persistence kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

kinsingloaderpersistence