General
-
Target
kronos.js
-
Size
2.5MB
-
Sample
210113-62nqpvgfh2
-
MD5
bd52c3fcb98700992066743b021876dd
-
SHA1
c711676cf2dadffa73b3bd03de01fc3e6ea4e892
-
SHA256
a0081f88e43338810fe23bd2e1fba8857b45f4378df38fc0c217426468b924fc
-
SHA512
24b6831f75736ba70ba8fd00263391e220c7e7cbf3c0d9ed1bfb24f92384a4694282509864d139950afaa910a2c278371354e61a51348b652419bd9c405d7e3b
Static task
static1
Behavioral task
behavioral1
Sample
kronos.js
Resource
win7v20201028
Malware Config
Targets
-
-
Target
kronos.js
-
Size
2.5MB
-
MD5
bd52c3fcb98700992066743b021876dd
-
SHA1
c711676cf2dadffa73b3bd03de01fc3e6ea4e892
-
SHA256
a0081f88e43338810fe23bd2e1fba8857b45f4378df38fc0c217426468b924fc
-
SHA512
24b6831f75736ba70ba8fd00263391e220c7e7cbf3c0d9ed1bfb24f92384a4694282509864d139950afaa910a2c278371354e61a51348b652419bd9c405d7e3b
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-