kinsing | 19fe0e2a4195505e4414a206d346cdc01c9c4c879afaa502aae4706d11719452 | Triage

Submit
Reports

Overview

overview

Static

static

3

751f72c8da...c3.exe

windows7-x64

751f72c8da...c3.exe

windows10-2004-x64

Sharing

General

Target

751f72c8da469f5b6b562698dc2f57c3
Size

591KB
Sample

240125-waklxachbl
MD5

751f72c8da469f5b6b562698dc2f57c3
SHA1

2db42618de80d2f43e27aa1fac5a7af8c0d702f9
SHA256

19fe0e2a4195505e4414a206d346cdc01c9c4c879afaa502aae4706d11719452
SHA512

43f193e58fa561e94a1b6786938e7cfb371924dd378cd276ef2c9ec65bb3c99b215f55a24445fd591c54d31c34c468a344cd5bb11064f0fb80c70bde52057b69
SSDEEP

6144:dNUZhUpSFJLgGj9jv4oeEGRuYuSL9MQfXaxnY5n7Z2GtvWrLl5l:deZh6Y/eEAnuSOQIslnkl5l

Score

10^/10

kinsing snakekeylogger keylogger loader stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

751f72c8da469f5b6b562698dc2f57c3.exe

Resource

win7-20231215-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

751f72c8da469f5b6b562698dc2f57c3.exe

Resource

win10v2004-20231215-en

kinsing snakekeylogger keylogger loader stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  751f72c8da469f5b6b562698dc2f57c3
- Size
  
  591KB
- MD5
  
  751f72c8da469f5b6b562698dc2f57c3
- SHA1
  
  2db42618de80d2f43e27aa1fac5a7af8c0d702f9
- SHA256
  
  19fe0e2a4195505e4414a206d346cdc01c9c4c879afaa502aae4706d11719452
- SHA512
  
  43f193e58fa561e94a1b6786938e7cfb371924dd378cd276ef2c9ec65bb3c99b215f55a24445fd591c54d31c34c468a344cd5bb11064f0fb80c70bde52057b69
- SSDEEP
  
  6144:dNUZhUpSFJLgGj9jv4oeEGRuYuSL9MQfXaxnY5n7Z2GtvWrLl5l:deZh6Y/eEAnuSOQIslnkl5l
Score

10^/10

snakekeylogger keylogger stealer kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

kinsingsnakekeyloggerkeyloggerloaderstealer

© 2018-2024

Terms | Privacy