Overview

overview

10

Static

static

3

75212d32dd...3c.exe

windows7-x64

7

75212d32dd...3c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    75212d32ddf1685955ac36c06175a23c

  • Size

    3.6MB

  • Sample

    240125-wcwryschgq

  • MD5

    75212d32ddf1685955ac36c06175a23c

  • SHA1

    b2fee04a33c0ca2664100e2cd46c1a55c5fb788a

  • SHA256

    eca30714b87bd9011d86d9aa40d3f5886657d7de385db3483a321671e9eea05f

  • SHA512

    3a8d095abb1498b13084639804d03b94ecc14a5d283fe3298a5bf4e64b1b475cbc611cec60aaed099a43665be277c5ad4e096a8845ddd14d87cdaf53d1b58702

  • SSDEEP

    49152:Q7/jkvCzRyOOlN3FXqDghbq4TTow+lsgVy1hySd/WF7kzIKAghbq4TTow+lsgp:QSCVyOO3FXvhTW81hynFoIAhTW5

Score
10/10
kinsingloader

Malware Config

Targets

    • Target

      75212d32ddf1685955ac36c06175a23c

    • Size

      3.6MB

    • MD5

      75212d32ddf1685955ac36c06175a23c

    • SHA1

      b2fee04a33c0ca2664100e2cd46c1a55c5fb788a

    • SHA256

      eca30714b87bd9011d86d9aa40d3f5886657d7de385db3483a321671e9eea05f

    • SHA512

      3a8d095abb1498b13084639804d03b94ecc14a5d283fe3298a5bf4e64b1b475cbc611cec60aaed099a43665be277c5ad4e096a8845ddd14d87cdaf53d1b58702

    • SSDEEP

      49152:Q7/jkvCzRyOOlN3FXqDghbq4TTow+lsgVy1hySd/WF7kzIKAghbq4TTow+lsgp:QSCVyOO3FXvhTW81hynFoIAhTW5

    Score
    10/10
    kinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks