kinsing | 2afe2fed654c4514265a3d1b0f50cef25b9fc34351887a13d770457ba018492d | Triage

Sharing

General

Target

3_Документи.pdf.exe
Size

1.1MB
Sample

240125-we5smsdadn
MD5

a85a13ceb0a2fb1ac658a6cddc3628a5
SHA1

28ddbc9d2ecb7073fe329c59c73afa52e4973c1d
SHA256

2afe2fed654c4514265a3d1b0f50cef25b9fc34351887a13d770457ba018492d
SHA512

0ced8655cf9b61a28bfeba5d16117caa1c1d87ebfa7622229fe43b0d36eb74bcead44b7f8412f8a38e505d57bcca33a6e3775e310dcd0cf9d1c9cf99ff4c2f47
SSDEEP

24576:JZ37GcN9ytIFGibL4fzXeoRVofL+0zA7TrjkoG0WIorgXIMLVPO2:JB7XK9iyjCT5A7T/SrdMLV22

Score

10^/10

kinsing lumma loader stealer

Malware Config

Extracted

Family

lumma

C2

https://crisisestimatehealtwh.site/api

Targets

- Target
  
  3_Документи.pdf.exe
- Size
  
  1.1MB
- MD5
  
  a85a13ceb0a2fb1ac658a6cddc3628a5
- SHA1
  
  28ddbc9d2ecb7073fe329c59c73afa52e4973c1d
- SHA256
  
  2afe2fed654c4514265a3d1b0f50cef25b9fc34351887a13d770457ba018492d
- SHA512
  
  0ced8655cf9b61a28bfeba5d16117caa1c1d87ebfa7622229fe43b0d36eb74bcead44b7f8412f8a38e505d57bcca33a6e3775e310dcd0cf9d1c9cf99ff4c2f47
- SSDEEP
  
  24576:JZ37GcN9ytIFGibL4fzXeoRVofL+0zA7TrjkoG0WIorgXIMLVPO2:JB7XK9iyjCT5A7T/SrdMLV22
Score

10^/10

kinsing lumma loader stealer
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

kinsinglummaloaderstealer