General

  • Target

    75223dcf04ed991c3c6285b3a8fcfeb9

  • Size

    143KB

  • Sample

    240125-wd7kvadabr

  • MD5

    75223dcf04ed991c3c6285b3a8fcfeb9

  • SHA1

    3e829e04b2b5e0dec8deb30b03de94771894a09d

  • SHA256

    3be80cfa604086072f7763041a1324bce517f90d67d401c81a8297ed60699f99

  • SHA512

    79263f738fb2e2b0d293d8a6ea53f381afaade88688b21144239bb0be6730c632089b11d8b87c6a813bff5cf53e67537b7723bc9df7d30848315903a81e5a1c0

  • SSDEEP

    3072:XJqmWJGq7dW9p6ra8cWaBCFW4fFFrdEMPXgbnVfAW3hpSt:smmdUv8cWaBCFW4tZ+kXgbnGKpS

Targets

    • Target

      75223dcf04ed991c3c6285b3a8fcfeb9

    • Kinsing

      Kinsing is a loader written in Golang.

    • Modifies AppInit DLL entries

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory
