kinsing | 3be80cfa604086072f7763041a1324bce517f90d67d401c81a8297ed60699f99 | Triage

Sharing

General

Target

75223dcf04ed991c3c6285b3a8fcfeb9
Size

143KB
Sample

240125-wd7kvadabr
MD5

75223dcf04ed991c3c6285b3a8fcfeb9
SHA1

3e829e04b2b5e0dec8deb30b03de94771894a09d
SHA256

3be80cfa604086072f7763041a1324bce517f90d67d401c81a8297ed60699f99
SHA512

79263f738fb2e2b0d293d8a6ea53f381afaade88688b21144239bb0be6730c632089b11d8b87c6a813bff5cf53e67537b7723bc9df7d30848315903a81e5a1c0
SSDEEP

3072:XJqmWJGq7dW9p6ra8cWaBCFW4fFFrdEMPXgbnVfAW3hpSt:smmdUv8cWaBCFW4tZ+kXgbnGKpS

Score

10^/10

kinsing loader persistence

Malware Config

Targets

- Target
  
  75223dcf04ed991c3c6285b3a8fcfeb9
- Size
  
  143KB
- MD5
  
  75223dcf04ed991c3c6285b3a8fcfeb9
- SHA1
  
  3e829e04b2b5e0dec8deb30b03de94771894a09d
- SHA256
  
  3be80cfa604086072f7763041a1324bce517f90d67d401c81a8297ed60699f99
- SHA512
  
  79263f738fb2e2b0d293d8a6ea53f381afaade88688b21144239bb0be6730c632089b11d8b87c6a813bff5cf53e67537b7723bc9df7d30848315903a81e5a1c0
- SSDEEP
  
  3072:XJqmWJGq7dW9p6ra8cWaBCFW4fFFrdEMPXgbnVfAW3hpSt:smmdUv8cWaBCFW4tZ+kXgbnGKpS
Score

10^/10

persistence kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Modifies AppInit DLL entries
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

kinsingloaderpersistence