General

  • Target

    2024-01-25_421327f0efe660165dfaa4685c9a4c06_cryptolocker

  • Size

    47KB

  • Sample

    240125-vz8vcsbfc2

  • MD5

    421327f0efe660165dfaa4685c9a4c06

  • SHA1

    3c90a2617b3bf468de1ed48245e3fa1141de45af

  • SHA256

    06dc692486aa72583cedea5dd433ca6f99f6efd4972e43bfa36e350a93ca13b2

  • SHA512

    6b29b520f0d77e0f321251047d0a5ba74fd21ed7fbea1ecc053f4aca2133f9aac3c543178b8fa8c0591f91d98ff8a955296249e6e52b2a8cc8bdb23f81779dad

  • SSDEEP

    768:xQz7yVEhs9+4uR1bytOOtEvwDpjWE6BLbjG9RzhwaAs:xj+VGMOtEvwDpjy+Tr

Score
10/10

Targets

    Score
    10/10
    • Kinsing

      Kinsing is a loader written in Golang.

    • Detection of CryptoLocker Variants

    • Detection of Cryptolocker Samples

    • Detects executables built or packed with MPress PE compressor

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
