kinsing | 8c9481f3d8e34722348ad2af46c3437494f55bd700338a571b10deb2b5b0b412 | Triage

Sharing

General

Target

7522dc5a163d4c239ff4a6f347c697b1
Size

187KB
Sample

240125-we61pscah5
MD5

7522dc5a163d4c239ff4a6f347c697b1
SHA1

aea492a8555383c8f9fee9ddd0942f357771e4b1
SHA256

8c9481f3d8e34722348ad2af46c3437494f55bd700338a571b10deb2b5b0b412
SHA512

d424ee40605d3d62489954268737dda35ddc5fe3ab2a3765bbab7acc1a737389a6648aabd4ccd578a1029a9e3dc843aba5af0bf525c4efa48b1e93e8d8db9682
SSDEEP

3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/B8qh1K:o68i3odBiTl2+TCU/R1K

Score

10^/10

kinsing loader persistence

Malware Config

Targets

- Target
  
  7522dc5a163d4c239ff4a6f347c697b1
- Size
  
  187KB
- MD5
  
  7522dc5a163d4c239ff4a6f347c697b1
- SHA1
  
  aea492a8555383c8f9fee9ddd0942f357771e4b1
- SHA256
  
  8c9481f3d8e34722348ad2af46c3437494f55bd700338a571b10deb2b5b0b412
- SHA512
  
  d424ee40605d3d62489954268737dda35ddc5fe3ab2a3765bbab7acc1a737389a6648aabd4ccd578a1029a9e3dc843aba5af0bf525c4efa48b1e93e8d8db9682
- SSDEEP
  
  3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/B8qh1K:o68i3odBiTl2+TCU/R1K
Score

10^/10

persistence kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

kinsingloaderpersistence