Overview

overview

10

Static

static

kronos.exe

windows7_x64

10

kronos.exe

windows10_x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    kronos.exe

  • Size

    429KB

  • Sample

    210626-52nc2dwaze

  • MD5

    de9ab737905e09b69b28dc0999d08894

  • SHA1

    9278a2cf97b5bd635d9950cab38afc3f82558506

  • SHA256

    ffc1cfe4cfa36477ead629bd1a2c6ffb266502c3261b85de431137da411320a8

  • SHA512

    698c4d119dd35fe3dc62e824d175374f9eb41925df7931b78cd33b96137b7d99f76f19889f4ca716bc3719b77d089b1772001028410473fb09d64462c08c680e

Score
10/10
kronosbankerbotnetpersistencespywarestealer

Malware Config

Targets

    • Target

      kronos.exe

    • Size

      429KB

    • MD5

      de9ab737905e09b69b28dc0999d08894

    • SHA1

      9278a2cf97b5bd635d9950cab38afc3f82558506

    • SHA256

      ffc1cfe4cfa36477ead629bd1a2c6ffb266502c3261b85de431137da411320a8

    • SHA512

      698c4d119dd35fe3dc62e824d175374f9eb41925df7931b78cd33b96137b7d99f76f19889f4ca716bc3719b77d089b1772001028410473fb09d64462c08c680e

    Score
    10/10
    kronosbankerbotnetpersistencespywarestealer

    • Kronos

      bankerbotnetkronos

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks