kronos | 1c59a3704077758f0798e37357b278e7dae15fd122d64f1e42d5050821e0176b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1c59a37040...6b.exe

windows7_x64

1c59a37040...6b.exe

windows10-2004_x64

Sharing

General

Target

1c59a3704077758f0798e37357b278e7dae15fd122d64f1e42d5050821e0176b
Size

372KB
Sample

220607-taj92afaem
MD5

2d0f0ce93e4b45065dbf412d6c99fd63
SHA1

a586bd6a4a602a7805f61b32170e6dc27d14b5a1
SHA256

1c59a3704077758f0798e37357b278e7dae15fd122d64f1e42d5050821e0176b
SHA512

7aa837aa7ee32d8bd76c6461db3e1a9a3d7e681fca7bd8146566fbfa6108656034cfd1a7abbd6b2ab4dcc6a41de2b491655bf333a08a241f51c495fb75e6d236

Score

10^/10

kronos banker botnet persistence suricata

Static task

static1

Behavioral task

behavioral1

Sample

1c59a3704077758f0798e37357b278e7dae15fd122d64f1e42d5050821e0176b.exe

Resource

win7-20220414-en

kronos banker botnet persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1c59a3704077758f0798e37357b278e7dae15fd122d64f1e42d5050821e0176b.exe

Resource

win10v2004-20220414-en

kronos banker botnet persistence suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  1c59a3704077758f0798e37357b278e7dae15fd122d64f1e42d5050821e0176b
- Size
  
  372KB
- MD5
  
  2d0f0ce93e4b45065dbf412d6c99fd63
- SHA1
  
  a586bd6a4a602a7805f61b32170e6dc27d14b5a1
- SHA256
  
  1c59a3704077758f0798e37357b278e7dae15fd122d64f1e42d5050821e0176b
- SHA512
  
  7aa837aa7ee32d8bd76c6461db3e1a9a3d7e681fca7bd8146566fbfa6108656034cfd1a7abbd6b2ab4dcc6a41de2b491655bf333a08a241f51c495fb75e6d236
Score

10^/10

kronos banker botnet persistence suricata
- Kronos
  banker botnet kronos
- suricata: ET MALWARE Kronos Checkin
  suricata: ET MALWARE Kronos Checkin
  suricata
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

kronosbankerbotnetpersistence

behavioral2

kronosbankerbotnetpersistencesuricata

© 2018-2025

Terms | Privacy