kronos | fa28a5a8adb0dc346377f393c7a0882c1c8d122c62d84d8ea39a784bc997b6e8 | Triage

Sharing

General

Target

fa28a5a8adb0dc346377f393c7a0882c1c8d122c62d84d8ea39a784bc997b6e8
Size

688KB
Sample

221004-dn4b3aacck
MD5

55e82d0a0ee538ff911e36730ee8da40
SHA1

ffe4ffda16f1ef21ff6a57265aa93f1d6d84f222
SHA256

fa28a5a8adb0dc346377f393c7a0882c1c8d122c62d84d8ea39a784bc997b6e8
SHA512

823998123b6a03a52dc907279ad237b1035c07df197a4a1dd3027605211b81492f45d0d9ad2468291ffb57aab31c154b627f09b965e2138e73d38a50f2c69c7a
SSDEEP

6144:WTXUblJm7Cu9/cHDWLk9bLNZRgWLkmKc0VxS4ZJIh8q8x9dBrtdchM+GO:2UzmZGDp9bLNLgpl5Vxm8vdTEG

Score

10^/10

kronos banker botnet persistence

Malware Config

Targets

- Target
  
  fa28a5a8adb0dc346377f393c7a0882c1c8d122c62d84d8ea39a784bc997b6e8
- Size
  
  688KB
- MD5
  
  55e82d0a0ee538ff911e36730ee8da40
- SHA1
  
  ffe4ffda16f1ef21ff6a57265aa93f1d6d84f222
- SHA256
  
  fa28a5a8adb0dc346377f393c7a0882c1c8d122c62d84d8ea39a784bc997b6e8
- SHA512
  
  823998123b6a03a52dc907279ad237b1035c07df197a4a1dd3027605211b81492f45d0d9ad2468291ffb57aab31c154b627f09b965e2138e73d38a50f2c69c7a
- SSDEEP
  
  6144:WTXUblJm7Cu9/cHDWLk9bLNZRgWLkmKc0VxS4ZJIh8q8x9dBrtdchM+GO:2UzmZGDp9bLNLgpl5Vxm8vdTEG
Score

10^/10

kronos banker botnet persistence
- Kronos
  banker botnet kronos
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

kronosbankerbotnetpersistence

behavioral2

kronosbankerbotnetpersistence