General

  • Target

    2024-01-25_09a134c8ae5e847477ea745935195a08_cryptolocker

  • Size

    31KB

  • Sample

    240125-vxselacdgj

  • MD5

    09a134c8ae5e847477ea745935195a08

  • SHA1

    ded0efbc9d2ae2f3d05d688de32396d094019d58

  • SHA256

    c86b089a7a12ba0ca1f308b2935064677bf9927ea86cef916e29f185343dc3d7

  • SHA512

    860ab67122bb4052f51026a7b1d4844722963ff4c1a9268651a9f6bf47fd80c22ecdba17ec02516dd0a6cc2e897785be11b2224d789c606fdfa6c1b5116b3a89

  • SSDEEP

    384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznUsD3W:b/yC4GyNM01GuQMNXw2PSjZG

Targets

    • Kinsing

      Kinsing is a loader written in Golang.

    • Detection of CryptoLocker Variants

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.
