kinsing | 8e5d78774044ceba3066a0214ea16f1718f5489b8d4a8a53984b925072c7fa16 | Triage

Sharing

General

Target

752501dcf3fb2da30771709d786d1bf1
Size

195KB
Sample

240125-wg6gyscbd9
MD5

752501dcf3fb2da30771709d786d1bf1
SHA1

92d352e23f0695307ff42fe32c0cc6939f11a7aa
SHA256

8e5d78774044ceba3066a0214ea16f1718f5489b8d4a8a53984b925072c7fa16
SHA512

cb18a13a0e2ac6d4cf8250fc306ed288f765212028ac5e93732b4c3ba300874bf81ce672f3cf392a12662161a197c5da83487239a9051abf4a311420942eb6a3
SSDEEP

6144:zX88dBeX5oci4bz/uSxd+8ncml+8EbPqN:DBdBy5cEvQ8EbP2

Score

10^/10

kinsing loader persistence

Malware Config

Targets

- Target
  
  752501dcf3fb2da30771709d786d1bf1
- Size
  
  195KB
- MD5
  
  752501dcf3fb2da30771709d786d1bf1
- SHA1
  
  92d352e23f0695307ff42fe32c0cc6939f11a7aa
- SHA256
  
  8e5d78774044ceba3066a0214ea16f1718f5489b8d4a8a53984b925072c7fa16
- SHA512
  
  cb18a13a0e2ac6d4cf8250fc306ed288f765212028ac5e93732b4c3ba300874bf81ce672f3cf392a12662161a197c5da83487239a9051abf4a311420942eb6a3
- SSDEEP
  
  6144:zX88dBeX5oci4bz/uSxd+8ncml+8EbPqN:DBdBy5cEvQ8EbP2
Score

10^/10

persistence kinsing loader
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

kinsingloaderpersistence