kinsing | 2b802c022331c8edc3677ddcd92e9828df9868008690ca4705607130e2c11f44 | Triage

Sharing

General

Target

7522d42bc91d7d4003462db6a1fc1f34
Size

88KB
Sample

240125-we3y2sdadk
MD5

7522d42bc91d7d4003462db6a1fc1f34
SHA1

41c7173d375784b64edd3b8f9ba6d367be6f726c
SHA256

2b802c022331c8edc3677ddcd92e9828df9868008690ca4705607130e2c11f44
SHA512

66e1cc231b44151b62d18299209178db57cbc03779a2054ad6f3e2b89c30b937940618c8e8e0470deb37653a5ad221cc77ca7b9a0c345eb38757686ed19b7408
SSDEEP

1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/oo:59Ry98guHVBqqg2bcruzUHmLKeMMU7GO

Score

10^/10

kinsing loader

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  7522d42bc91d7d4003462db6a1fc1f34
- Size
  
  88KB
- MD5
  
  7522d42bc91d7d4003462db6a1fc1f34
- SHA1
  
  41c7173d375784b64edd3b8f9ba6d367be6f726c
- SHA256
  
  2b802c022331c8edc3677ddcd92e9828df9868008690ca4705607130e2c11f44
- SHA512
  
  66e1cc231b44151b62d18299209178db57cbc03779a2054ad6f3e2b89c30b937940618c8e8e0470deb37653a5ad221cc77ca7b9a0c345eb38757686ed19b7408
- SSDEEP
  
  1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/oo:59Ry98guHVBqqg2bcruzUHmLKeMMU7GO
Score

10^/10

kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2