kinsing | e6bd419ac8863f37c0b92430c8b94b1d413b5809699683463917f3f8cd8faecc | Triage

Sharing

General

Target

752136ab66c661a356a7dfe583a4e093
Size

1.2MB
Sample

240125-wcyljschgr
MD5

752136ab66c661a356a7dfe583a4e093
SHA1

9192374b0469ac82ec245b447fbd3606e162ffc9
SHA256

e6bd419ac8863f37c0b92430c8b94b1d413b5809699683463917f3f8cd8faecc
SHA512

a9629d4edea2259440743eb16d9654ccf885621ad032a59f2634c58cbbc5b68af2c33f04ed01ac88c09e7aac8894f60d919870bc71b3a9fa4bcb9d90010e7bd8
SSDEEP

24576:aGGn++MsJsATY9wouMGSkK2gp+R0JF2g6sI7kDJFcRgzGV0I6qWHpZzdaulDut:aj/MysATHpSkOziQ8B03qWJZzdVlDu

Score

10^/10

kinsing loader

Malware Config

Targets

- Target
  
  752136ab66c661a356a7dfe583a4e093
- Size
  
  1.2MB
- MD5
  
  752136ab66c661a356a7dfe583a4e093
- SHA1
  
  9192374b0469ac82ec245b447fbd3606e162ffc9
- SHA256
  
  e6bd419ac8863f37c0b92430c8b94b1d413b5809699683463917f3f8cd8faecc
- SHA512
  
  a9629d4edea2259440743eb16d9654ccf885621ad032a59f2634c58cbbc5b68af2c33f04ed01ac88c09e7aac8894f60d919870bc71b3a9fa4bcb9d90010e7bd8
- SSDEEP
  
  24576:aGGn++MsJsATY9wouMGSkK2gp+R0JF2g6sI7kDJFcRgzGV0I6qWHpZzdaulDut:aj/MysATHpSkOziQ8B03qWJZzdVlDu
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2