kinsing | 1f84244da87662b6d41a06813eb61555be431a309fc5c8c84ee73e6ed91bfe44 | Triage

Sharing

General

Target

752142f0f208d06c7e69ea8f8477d935
Size

12KB
Sample

240125-wc29qschhk
MD5

752142f0f208d06c7e69ea8f8477d935
SHA1

9ea7b731ffa01945fe075cdc65c0af2114254e90
SHA256

1f84244da87662b6d41a06813eb61555be431a309fc5c8c84ee73e6ed91bfe44
SHA512

9a1e513b5bc94337e6217bc7bf039291ae689a74fdc2afd2d7cbd8e3b6af91f76a800c3d90a8cc14d398f9a28c4729631f2423c533b9fe9403e375f1de455ec9
SSDEEP

384:1KmdoHf3Rep0AAGXAvj2T8dZsrSSQmf0A:Um2/NeXx8UrShm8A

Score

10^/10

kinsing loader persistence

Malware Config

Targets

- Target
  
  752142f0f208d06c7e69ea8f8477d935
- Size
  
  12KB
- MD5
  
  752142f0f208d06c7e69ea8f8477d935
- SHA1
  
  9ea7b731ffa01945fe075cdc65c0af2114254e90
- SHA256
  
  1f84244da87662b6d41a06813eb61555be431a309fc5c8c84ee73e6ed91bfe44
- SHA512
  
  9a1e513b5bc94337e6217bc7bf039291ae689a74fdc2afd2d7cbd8e3b6af91f76a800c3d90a8cc14d398f9a28c4729631f2423c533b9fe9403e375f1de455ec9
- SSDEEP
  
  384:1KmdoHf3Rep0AAGXAvj2T8dZsrSSQmf0A:Um2/NeXx8UrShm8A
Score

10^/10

persistence kinsing loader
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

kinsingloaderpersistence