kinsing | 787e2c94e6d9ce5ec01f5cbe9ee2518431eca8523155526d6dc85934c9c5787c | Triage

Submit
Reports

Overview

overview

Static

static

kinsing

ubuntu-22.04-amd64

Sharing

General

Target

kinsing
Size

5.7MB
Sample

241020-sltr6swgrn
MD5

b3039abf2ad5202f4a9363b418002351
SHA1

0ceb8ffb0be23b808b534d744440f4367e17b9c5
SHA256

787e2c94e6d9ce5ec01f5cbe9ee2518431eca8523155526d6dc85934c9c5787c
SHA512

8b1a1003a021d0f69b9295f496bf550932ce85b096ca7057632756348da1354c2b104ff36e901b27def030b79749c8fc7f54163d6195e5e0cb9b357353ee654e
SSDEEP

49152:wCe/ydXZSrb/TJvO90dL3BmAFd4A64nsfJvaWi9sglz/KbwLjFfiawr1eAOkzDIK:3eidO9suPF+NL4FiBnIrb3rE

Score

10^/10

kinsing xmrig antivm defense_evasion discovery evasion linux miner upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

kinsing

Resource

ubuntu2204-amd64-20240522.1-en

xmrig antivm defense_evasion discovery evasion miner upx

ubuntu-22.04-amd64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  kinsing
- Size
  
  5.7MB
- MD5
  
  b3039abf2ad5202f4a9363b418002351
- SHA1
  
  0ceb8ffb0be23b808b534d744440f4367e17b9c5
- SHA256
  
  787e2c94e6d9ce5ec01f5cbe9ee2518431eca8523155526d6dc85934c9c5787c
- SHA512
  
  8b1a1003a021d0f69b9295f496bf550932ce85b096ca7057632756348da1354c2b104ff36e901b27def030b79749c8fc7f54163d6195e5e0cb9b357353ee654e
- SSDEEP
  
  49152:wCe/ydXZSrb/TJvO90dL3BmAFd4A64nsfJvaWi9sglz/KbwLjFfiawr1eAOkzDIK:3eidO9suPF+NL4FiBnIrb3rE
Score

10^/10

xmrig antivm defense_evasion discovery evasion miner upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
  discovery
- Reads list of loaded kernel modules
  Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigantivmdefense_evasiondiscoveryevasionminerupx

© 2018-2024

Terms | Privacy