kronos | aa368679c530fc2019fe5467eb973a17c4b37c395288781b0a32c20e40a360d3 | Triage

Sharing

General

Target

aa368679c530fc2019fe5467eb973a17c4b37c395288781b0a32c20e40a360d3
Size

344KB
Sample

221108-fp5bvshdc3
MD5

14a20867d0d6519be768b17ad3cefefe
SHA1

c955e587f0f84df8cfd27b23f70be1de11253b29
SHA256

aa368679c530fc2019fe5467eb973a17c4b37c395288781b0a32c20e40a360d3
SHA512

69b50b95e59ccd2e19577e22560edff5d63c844558b05456481c83d7678dff50a99798ff7132b0aeb728795f14fe77222096a3b5e2296fdb80b95ca310f2807e
SSDEEP

6144:RerQu7SGFRDauuLk8fk3tdG2smOOHhmlbobTfCF9NRRya6AE7Gya6AE:UcKSyQ2dBhhmlbot

Score

10^/10

kronos banker botnet evasion persistence

Malware Config

Targets

- Target
  
  aa368679c530fc2019fe5467eb973a17c4b37c395288781b0a32c20e40a360d3
- Size
  
  344KB
- MD5
  
  14a20867d0d6519be768b17ad3cefefe
- SHA1
  
  c955e587f0f84df8cfd27b23f70be1de11253b29
- SHA256
  
  aa368679c530fc2019fe5467eb973a17c4b37c395288781b0a32c20e40a360d3
- SHA512
  
  69b50b95e59ccd2e19577e22560edff5d63c844558b05456481c83d7678dff50a99798ff7132b0aeb728795f14fe77222096a3b5e2296fdb80b95ca310f2807e
- SSDEEP
  
  6144:RerQu7SGFRDauuLk8fk3tdG2smOOHhmlbobTfCF9NRRya6AE7Gya6AE:UcKSyQ2dBhhmlbot
Score

10^/10

kronos banker botnet evasion persistence
- Kronos
  banker botnet kronos
- Modifies security service
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

kronosbankerbotnetevasionpersistence

behavioral2

kronosbankerbotnetpersistence