kinsing | b6c672b1cbce711c3881a4316fa2ea60e17302fc42c1b8daa327582172fc96ba | Triage

Sharing

General

Target

b6c672b1cbce711c3881a4316fa2ea60e17302fc42c1b8daa327582172fc96ba
Size

947KB
Sample

240125-we9rlacah7
MD5

dcefbbb5757c8527b8b7a62f515e0910
SHA1

44cd249fcbb8990dc9f40e73f86158d22dbb16bb
SHA256

b6c672b1cbce711c3881a4316fa2ea60e17302fc42c1b8daa327582172fc96ba
SHA512

7bf0a6cf64d1c96786a5b975fba6592989669dcc2e92f0f9d9e1d3c098dfd758597a27246ff3b910f2dc2df17568007cf12c18caf71e5c27a774c5e354ae01a4
SSDEEP

12288:+coJMvnKm7bR3zc4jAEJWYgeWYg955/155/kJ2kVkIPHusDNNQzCbQMoG9E/nVJW:7uMvDzc4jAc2EPJNq+aW

Score

10^/10

kinsing loader ransomware

Malware Config

Targets

- Target
  
  b6c672b1cbce711c3881a4316fa2ea60e17302fc42c1b8daa327582172fc96ba
- Size
  
  947KB
- MD5
  
  dcefbbb5757c8527b8b7a62f515e0910
- SHA1
  
  44cd249fcbb8990dc9f40e73f86158d22dbb16bb
- SHA256
  
  b6c672b1cbce711c3881a4316fa2ea60e17302fc42c1b8daa327582172fc96ba
- SHA512
  
  7bf0a6cf64d1c96786a5b975fba6592989669dcc2e92f0f9d9e1d3c098dfd758597a27246ff3b910f2dc2df17568007cf12c18caf71e5c27a774c5e354ae01a4
- SSDEEP
  
  12288:+coJMvnKm7bR3zc4jAEJWYgeWYg955/155/kJ2kVkIPHusDNNQzCbQMoG9E/nVJW:7uMvDzc4jAc2EPJNq+aW
Score

10^/10

ransomware kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

kinsingloaderransomware