kronos | 120cd3dc895723f8e5ef3e5b391527b375e7e2d9f80839a2301f0861d3c852ba | Triage

Sharing

General

Target

120cd3dc895723f8e5ef3e5b391527b375e7e2d9f80839a2301f0861d3c852ba
Size

360KB
Sample

220603-2lx92afee5
MD5

e558c68f684dff0930fa3167a3d85385
SHA1

94cf171669401068b8047c04f0679bbd2f3c24df
SHA256

120cd3dc895723f8e5ef3e5b391527b375e7e2d9f80839a2301f0861d3c852ba
SHA512

e3d9c7c003c697775682444782a6b4068132b314c06248c12aecc53fc04135ce920437e06f329c873605370cbb0eb645d381c6c7851eae1da3fd4b313a8db482

Score

10^/10

kronos banker botnet persistence spyware stealer

Malware Config

Targets

- Target
  
  120cd3dc895723f8e5ef3e5b391527b375e7e2d9f80839a2301f0861d3c852ba
- Size
  
  360KB
- MD5
  
  e558c68f684dff0930fa3167a3d85385
- SHA1
  
  94cf171669401068b8047c04f0679bbd2f3c24df
- SHA256
  
  120cd3dc895723f8e5ef3e5b391527b375e7e2d9f80839a2301f0861d3c852ba
- SHA512
  
  e3d9c7c003c697775682444782a6b4068132b314c06248c12aecc53fc04135ce920437e06f329c873605370cbb0eb645d381c6c7851eae1da3fd4b313a8db482
Score

10^/10

kronos banker botnet persistence spyware stealer
- Kronos
  banker botnet kronos
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

kronosbankerbotnetpersistencespywarestealer

behavioral2

kronosbankerbotnetpersistencespywarestealer