General
-
Target
75229e9db81837f956adb4996c50ffbe
-
Size
228KB
-
Sample
240125-wemxtsdacp
-
MD5
75229e9db81837f956adb4996c50ffbe
-
SHA1
f95dc596a21b353fbfa3a0456b065c898a551da7
-
SHA256
3a6c47f87c9443000e952eb0152da7d882c0df02a0a5af3f9288c10841a3f31d
-
SHA512
35d947f2a3eba28f3fd03010fab8177b7e72de2ef68d9be1f499142cdded424de73ea61c21213071a57665743265b8325d0d4ff00698fbb3593d5879f4b40984
-
SSDEEP
6144:FEh3PFKs7aaOKW8alhrEqxF6snji81RUinKGHgDDSa:FEtPhvENPH6Dn
Malware Config
Targets
-
-
Target
75229e9db81837f956adb4996c50ffbe
-
Size
228KB
-
MD5
75229e9db81837f956adb4996c50ffbe
-
SHA1
f95dc596a21b353fbfa3a0456b065c898a551da7
-
SHA256
3a6c47f87c9443000e952eb0152da7d882c0df02a0a5af3f9288c10841a3f31d
-
SHA512
35d947f2a3eba28f3fd03010fab8177b7e72de2ef68d9be1f499142cdded424de73ea61c21213071a57665743265b8325d0d4ff00698fbb3593d5879f4b40984
-
SSDEEP
6144:FEh3PFKs7aaOKW8alhrEqxF6snji81RUinKGHgDDSa:FEtPhvENPH6Dn
Score10/10-
Kinsing
Kinsing is a loader written in Golang.
-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-