General

  • Target

    kronos.js

  • Size

    2.5MB

  • Sample

    210113-62nqpvgfh2

  • MD5

    bd52c3fcb98700992066743b021876dd

  • SHA1

    c711676cf2dadffa73b3bd03de01fc3e6ea4e892

  • SHA256

    a0081f88e43338810fe23bd2e1fba8857b45f4378df38fc0c217426468b924fc

  • SHA512

    24b6831f75736ba70ba8fd00263391e220c7e7cbf3c0d9ed1bfb24f92384a4694282509864d139950afaa910a2c278371354e61a51348b652419bd9c405d7e3b

Score
10/10

Targets

    • Target

      kronos.js

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
