kinsing | 49120084b513287ae224f654854a88ed3a8bff124efa63d57db3f81d16adb846 | Triage

Sharing

General

Target

qbittorrent_4.6.3_x64_setup.exe
Size

34.1MB
Sample

240125-vxa6babed3
MD5

daa53d95d6935aabaf66a0607110fed2
SHA1

0c3a414b34f343a9c04be2770e111a2862c88693
SHA256

49120084b513287ae224f654854a88ed3a8bff124efa63d57db3f81d16adb846
SHA512

759b898608242eef9e8c401bdf40c69d7efb9ccc5444c1d842a2a9d91de156b703ef53ff08052b3e78c5bd04b6412001ec69a6baac1b6b0517571a99f6e73d5c
SSDEEP

786432:7mZb7euTgPUeOq0+hF2t1DpHcyOJPk77aMSGdyXmVO:7GeJcev0UmDp8hJPkqMSGdXc

Score

10^/10

kinsing loader

Malware Config

Targets

- Target
  
  qbittorrent_4.6.3_x64_setup.exe
- Size
  
  34.1MB
- MD5
  
  daa53d95d6935aabaf66a0607110fed2
- SHA1
  
  0c3a414b34f343a9c04be2770e111a2862c88693
- SHA256
  
  49120084b513287ae224f654854a88ed3a8bff124efa63d57db3f81d16adb846
- SHA512
  
  759b898608242eef9e8c401bdf40c69d7efb9ccc5444c1d842a2a9d91de156b703ef53ff08052b3e78c5bd04b6412001ec69a6baac1b6b0517571a99f6e73d5c
- SSDEEP
  
  786432:7mZb7euTgPUeOq0+hF2t1DpHcyOJPk77aMSGdyXmVO:7GeJcev0UmDp8hJPkqMSGdXc
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/modern-header.bmp
- Size
  
  9KB
- MD5
  
  940c56737bf9bb69ce7a31c623d4e87a
- SHA1
  
  f2f3b4e7b9c28df6687ceeaed300a793e3bac445
- SHA256
  
  766a893fe962aefd27c574cb05f25cf895d3fc70a00db5a6fa73d573f571aefc
- SHA512
  
  81c60431619d7eb826b8da997c227c4f7077cc754caa15df6e0e7ae0e33690432bc2a27a7e295998f15e33a17b3d80e492d7cc09fd70dc43daf1cfe86b8746ff
- SSDEEP
  
  192:TYw3C/LSnMoejFXnknIHbGoijTr3dBZ9KPPsnY/T0x9j:TY3LSnlepnknIHKoUrdBZ9uPsY/Ix9j
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/modern-wizard.bmp
- Size
  
  25KB
- MD5
  
  cbe40fd2b1ec96daedc65da172d90022
- SHA1
  
  366c216220aa4329dff6c485fd0e9b0f4f0a7944
- SHA256
  
  3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
- SHA512
  
  62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
- SSDEEP
  
  24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  qbittorrent.pdb
- Size
  
  141.0MB
- MD5
  
  6e207803fc830e4dbe91e93c0d5e504e
- SHA1
  
  1b8f6a54d8d4df16405e52c60673fb43110f02a6
- SHA256
  
  0a9607df7a5b4b516df3a54ac6d37c636754a5a90371b93cfa6fb88954e467a1
- SHA512
  
  de994a98a2f1fca4282d57abed39947da09a554f62eafa40d34e252ce618e35310d566cca599e0d16723e87415442c5e2caa454e93b1244331c8aee7be7005a8
- SSDEEP
  
  393216:B3NhDyrU7U5lzsQQhCnN8kJESmLAyrGZbFXSddg6W+3gUJHZUNq0TeuhN:B9hDyB5lZEW/fh
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
behavioral7 behavioral8
- Target
  
  qt.conf
- Size
  
  84B
- MD5
  
  af7f56a63958401da8bea1f5e419b2af
- SHA1
  
  f66ee8779ca6d570dea22fe34ef8600e5d3c5f38
- SHA256
  
  fdb8fa58a6ffc14771ca2b1ef6438061a6cba638594d76d9021b91e755d030d3
- SHA512
  
  02f70ca7f1291b25402989be74408eb82343ab500e15e4ac22fbc7162eb9230cd7061eaa7e34acf69962b57ed0827f51ceaf0fa63da3154b53469c7b7511d23d
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
behavioral10 behavioral9
- Target
  
  translations/qt_gl.qm
- Size
  
  316KB
- MD5
  
  0661ffabfbc50187f3ba38876b721946
- SHA1
  
  eb5e7205355cfc6bcb4df27e224079842c97b296
- SHA256
  
  204a01ac7deb6b5bae193afecbd1e50d18c73bf7d94badeb2bbfdf6123c4ed93
- SHA512
  
  65ab66cc54d65e7678fa731a5c5f2cc9d6fc217b91ad47d538440811e09a23e49cd95ce62a79e3e8c275e250ac1a0b54bd289f6dd067573876da7aff54381d02
- SSDEEP
  
  3072:OYSG8zxWSDjq73Pf6FT1f4uh50QGrRfFD54YyUY0Ou4/tnra3Z0uYhB5YHfHRRn2:O39WSD3TMQGrxFD5EUVQ
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
behavioral11 behavioral12
- Target
  
  translations/qt_lt.qm
- Size
  
  161KB
- MD5
  
  8992b652d1499f5d2f12674f3f875a35
- SHA1
  
  e22766a49612f79156c550d83c6c230345dda433
- SHA256
  
  47eb5f97467df769261421d54a5bea1131c9fb9b6388791d38bb6574335b64bf
- SHA512
  
  9b8b6dbff432f2a46c14bc183a6baf84acbf02bf2c5bb8c306c6538fbd9be1c0a9015bd46728f2f652f9163afc56b1e16d16eb95d8f7728f3c562ae9f4f1ae1e
- SSDEEP
  
  1536:i5v3+zmayloj6yJjhnBAbnrKnGrhA7WgdXclIsooY9i:SvOzAloj6yJ9BA7riGr+7WKXc+s5ui
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
behavioral13 behavioral14
- Target
  
  translations/qt_pt_PT.qm
- Size
  
  68KB
- MD5
  
  6656500f7a28ef820ae9f97fd47fb5bb
- SHA1
  
  cc112b9c9513bcf7497f3417168b4c8a9f7640a9
- SHA256
  
  2c1e7bbf5168a64b43752dd4c547601c0bde6d610f8671fa3e3af38597e84783
- SHA512
  
  5c3cbfcf86af6b4d949c1d914cd379e512e73ba350af661033a386ee7fb981fbfcb43d9a35fde7656e17bb09f64f1469f84867a780573c3359d645269461d5a6
- SSDEEP
  
  768:OKGUuWW+WHjS0gMBd483+Y7bDPs4RHBloLUIltlzAJnx4nnliM1OPlOibLG:JGUuWPuSgm0Jn+n4Mhj
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
behavioral15 behavioral16
- Target
  
  translations/qt_sl.qm
- Size
  
  223KB
- MD5
  
  d35a0fe35476be8bd149cee46e42b5e9
- SHA1
  
  9f3c85c115a283e5230d1eead84c8cb73a71fa03
- SHA256
  
  c44e0313a9414cc0e490b65b0c036fa11bca959353b228886547bc2c8492034f
- SHA512
  
  beeb1751882af081e80be93f7464d4c6322b724efa2cbd3e1cbe709181d380c1c57e770fa962bb706d6fcf4a8cb393e3f6e187c1f604f8ceefb201ca3200bd1c
- SSDEEP
  
  3072:9zQH0hOtgmiAZu0eeAEv+v49JnnSmICgr3n7jhCQUeinqyU5UggtRLGrQ2LZO+Y1:RpUsSpGr36wsR
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
behavioral17 behavioral18
- Target
  
  translations/qt_sv.qm
- Size
  
  64KB
- MD5
  
  0e85e0e0e7ddfe3d4bde302f27047f9c
- SHA1
  
  ae59348e0c2e4f86f99da6cf5dab3b7e92504b7c
- SHA256
  
  4b4b6ff7fd237c9da0301b4946132e68653d15eb5faf38e4c5fbfebb12dd97f7
- SHA512
  
  8caab6c61e9fa26a3a289a9e4dc515d157b3092d6d4ed43861220261bd2b7cc79b35b52f9ade4ef558b5385b37eac14575420dd55c475f435bb95b6c1e2561b6
- SSDEEP
  
  1536:4u6DkpgyKmRmG15mGM6iFPi6Q/qTlOQZY2dKN8gKw:4u6DotUG1sGMZPi6Q/qTlO2Y2YKw
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
behavioral19 behavioral20
- Target
  
  translations/qtbase_ar.qm
- Size
  
  156KB
- MD5
  
  a7e4d0ba0fc5df07f62cc66ec9878979
- SHA1
  
  21fd131b23bdd1bba7bbb86f3ed5c83876f45638
- SHA256
  
  e03fe68d83201543698fd7fe267dd5dfc5bfd195147e74ff2f19ac3491401263
- SHA512
  
  d9e6b10506fcf20b5b783f011908083d9df6c5df88e21b10d07f53a01ad6506a4b921c85335a25bae54e27bad7d01b6e240d58fdeeaabc7ff32014ec120c2ecf
- SSDEEP
  
  1536:XGlAMfkX1M0RdaCkR8lfv8vtc8EFrVYA2I4AJZWEWgHg1C8COvzHKHC6Jp9NV0V7:XUr0RACkIwDEpV1Lgf1ubtw3Bb
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
behavioral21 behavioral22
- Target
  
  translations/qtbase_bg.qm
- Size
  
  161KB
- MD5
  
  660413ad666a6b31a1acf8f216781d6e
- SHA1
  
  654409cdf3f551555957d3dbcf8d6a0d8f03a6c5
- SHA256
  
  e448ac9e3f16c29eb27af3012efe21052daa78fabfb34cd6dff2f69ee3bd3cdb
- SHA512
  
  c6ae4b784c3d302d7ec6b9ce7b27ddaf00713adf233f1246cd0475697a59c84d6a86baa1005283b1f89fcc0835fd131e5cf07b3534b66a0a0aa6ac6356006b8f
- SSDEEP
  
  1536:9ULiyUxPoT6qx+J7FJlaaMJnxjqxq+0Uiff0mbVeb7wiEwYuYqDKBkKHMXHCIMll:9ULpIVFnpwUiEujw27ncUQUz
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
behavioral23 behavioral24
- Target
  
  translations/qtbase_ca.qm
- Size
  
  199KB
- MD5
  
  ef15e764e49bb4cd7bb91cb8abdbd8c5
- SHA1
  
  6e73576ee5349870eeb72373596dad6975688755
- SHA256
  
  425023f1b530456d0ba012e32b84daaaa5aa3bc385d9a076e7751393db393d77
- SHA512
  
  a3516c2dc13410394c592f568912189a64d1b00c272874996143c8388e9351294f5eb36287f18845e5385578718535a66901a5693bec3401ff0a6589fc352081
- SSDEEP
  
  3072:7v+fArFDLAdtPstp2S+BvXERjaePzCTcQ1Z:7tt4UOS+TB1Z
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
behavioral25 behavioral26
- Target
  
  translations/qtbase_cs.qm
- Size
  
  170KB
- MD5
  
  c57d0de9d8458a5beb2114e47b0fde47
- SHA1
  
  3a0e777539c51bb65ee76b8e1d8dce4386cbc886
- SHA256
  
  03028b42df5479270371e4c3bdc7df2f56cbbe6dda956a2864ac6f6415861fe8
- SHA512
  
  f7970c132064407752c3d42705376fe04facafd2cfe1021e615182555f7ba82e7970edf5d14359f9d5ca69d4d570aa9ddc46d48ce787cff13d305341a3e4af79
- SSDEEP
  
  3072:5WjuhX0CVRaakGjW9E8SSOQfX/JlwVOMxrboRPqWxXfQvO7zjBf:5iFGj1QfXr8Gd
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
behavioral27 behavioral28
- Target
  
  translations/qtbase_da.qm
- Size
  
  177KB
- MD5
  
  859ce522a233af31ed8d32822da7755b
- SHA1
  
  70b19b2a6914da7d629f577f8987553713cd5d3f
- SHA256
  
  7d1e5ca3310b54d104c19bf2abd402b38e584e87039a70e153c4a9af74b25c22
- SHA512
  
  f9faa5a19c2fd99ccd03151b7be5dda613e9c69678c028cdf678adb176c23c7de9eb846cf915bc3cc67abd5d62d9cd483a5f47a57d5e6bb2f2053563d62e1ef5
- SSDEEP
  
  3072:XzswP2UvZ5aZ9jFTkmq/gnBNW/+PcWrqm2Vliz0DGdaS4KSLZjwTTgwUR0toT:j3m27AjCT
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
behavioral29 behavioral30
- Target
  
  translations/qtbase_de.qm
- Size
  
  208KB
- MD5
  
  6d8a9cc6f56a598a35a9a61b672f62c4
- SHA1
  
  5cb04f893de7abaf95954a6c6bab9ebafd671f27
- SHA256
  
  8286eb14d44bb83f869a51feab3e19ab7a9e7756adc8aa103e995a64913f1ed9
- SHA512
  
  3af8b4eb00a0155ec44491185b16c7dbc5da43c0c544927172900a22d68cfc88235e5a69d9e9b2d2d0c57a89e1798980104e171cb7f5aaf8762dbd3481103a92
- SSDEEP
  
  3072:iLsFuh3JmB8xVXE7YXEfgQZaDMN8DDiEfugwoulh15ce4M+UwsPYXCZPb7Ufq3wy:igFjss86Os/i2
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32