klingon | c9a2a966086a37276cc200c0f22f735d49df4e87f591fe806ca8d8597b9f60b7 | Triage

Submit
Reports

Overview

overview

Static

static

8

c9a2a96608...b7.exe

windows7_x64

c9a2a96608...b7.exe

windows10_x64

Sharing

General

Target

c9a2a966086a37276cc200c0f22f735d49df4e87f591fe806ca8d8597b9f60b7
Size

3.1MB
Sample

210618-f49n1ljv3n
MD5

327090cbddf94fc901662f0e863ba0cb
SHA1

fd357aad2d5529127d90757987a2c5ce88ea2a76
SHA256

c9a2a966086a37276cc200c0f22f735d49df4e87f591fe806ca8d8597b9f60b7
SHA512

16b971fab6ed01c1f72982baa11e9c2e110093746b49daa9387c329718b27b7586090fc59014a4459f14078a568497b4f96ee05e1bb65a57bca27b20959595c6

Score

10^/10

klingon persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

c9a2a966086a37276cc200c0f22f735d49df4e87f591fe806ca8d8597b9f60b7.exe

Resource

win7v20210410

klingon persistence trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c9a2a966086a37276cc200c0f22f735d49df4e87f591fe806ca8d8597b9f60b7.exe

Resource

win10v20210408

klingon persistence trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  c9a2a966086a37276cc200c0f22f735d49df4e87f591fe806ca8d8597b9f60b7
- Size
  
  3.1MB
- MD5
  
  327090cbddf94fc901662f0e863ba0cb
- SHA1
  
  fd357aad2d5529127d90757987a2c5ce88ea2a76
- SHA256
  
  c9a2a966086a37276cc200c0f22f735d49df4e87f591fe806ca8d8597b9f60b7
- SHA512
  
  16b971fab6ed01c1f72982baa11e9c2e110093746b49daa9387c329718b27b7586090fc59014a4459f14078a568497b4f96ee05e1bb65a57bca27b20959595c6
Score

10^/10

klingon persistence trojan upx
- Klingon
  Klingon is a remote access trojan written in Golang with various capabilities.
  trojan klingon
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

klingonpersistencetrojanupx

behavioral2

klingonpersistencetrojanupx

© 2018-2024

Terms | Privacy