kinsing | abfcaae1e6f7b625f4688110bf96be20f1d09817dc3cfb489bbba117705c229b | Triage

Submit
Reports

Overview

overview

Static

static

7

751fc385dc...61.exe

windows7-x64

7

751fc385dc...61.exe

windows10-2004-x64

Sharing

General

Target

751fc385dcf3ad8c41c8d00215440661
Size

194KB
Sample

240125-wazqtsbhh3
MD5

751fc385dcf3ad8c41c8d00215440661
SHA1

7c33b6b9e3b4bccc9bc22cbe01872352d449b103
SHA256

abfcaae1e6f7b625f4688110bf96be20f1d09817dc3cfb489bbba117705c229b
SHA512

830a9d492570997746ad5b099d9e6f463829d1ae44eb6864620d2012d5429854542d75a42e56b295cd9022de8972d2091ffdf86db0ba0cf4fcd36daca340da76
SSDEEP

6144:eEJudAILVANvA/o/u549UGSiSbs4IEYRz5:eE0+QVovAYu5hbs4IBRF

Score

10^/10

kinsing loader persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

751fc385dcf3ad8c41c8d00215440661.exe

Resource

win7-20231215-en

persistence upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

751fc385dcf3ad8c41c8d00215440661.exe

Resource

win10v2004-20231215-en

kinsing loader upx

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  751fc385dcf3ad8c41c8d00215440661
- Size
  
  194KB
- MD5
  
  751fc385dcf3ad8c41c8d00215440661
- SHA1
  
  7c33b6b9e3b4bccc9bc22cbe01872352d449b103
- SHA256
  
  abfcaae1e6f7b625f4688110bf96be20f1d09817dc3cfb489bbba117705c229b
- SHA512
  
  830a9d492570997746ad5b099d9e6f463829d1ae44eb6864620d2012d5429854542d75a42e56b295cd9022de8972d2091ffdf86db0ba0cf4fcd36daca340da76
- SSDEEP
  
  6144:eEJudAILVANvA/o/u549UGSiSbs4IEYRz5:eE0+QVovAYu5hbs4IBRF
Score

10^/10

persistence upx kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

kinsingloaderupx

© 2018-2024

Terms | Privacy