kronos | eb1ec377b6809568adcbf2a32af82ce4ee9116328187c3e59180ea24106539ec | Triage

Sharing

General

Target

eb1ec377b6809568adcbf2a32af82ce4ee9116328187c3e59180ea24106539ec
Size

231KB
Sample

221127-r1v34sec56
MD5

f780458c5331d4e58d09f9363e7f641d
SHA1

0781cb65e390dade1110d0fe3e27caadd1dfd5da
SHA256

eb1ec377b6809568adcbf2a32af82ce4ee9116328187c3e59180ea24106539ec
SHA512

0106e722ae70e519192008c348d3cedf245f05225a22fce37c45619f51a52a1f8f9f51db849ba619d58112c24d08caeaf6db2fa5b41110e7b12298d6e4bf8ca1
SSDEEP

6144:sa0eTLgMMHT7VTBqo0UxdgBzTLzAQ75lmIGLrDbLrDMdyFFNHe1/EhNzIjEfQqqb:sa00LIHTZTsaksh2EfVqnu

Score

10^/10

kronos banker botnet evasion persistence

Malware Config

Targets

- Target
  
  eb1ec377b6809568adcbf2a32af82ce4ee9116328187c3e59180ea24106539ec
- Size
  
  231KB
- MD5
  
  f780458c5331d4e58d09f9363e7f641d
- SHA1
  
  0781cb65e390dade1110d0fe3e27caadd1dfd5da
- SHA256
  
  eb1ec377b6809568adcbf2a32af82ce4ee9116328187c3e59180ea24106539ec
- SHA512
  
  0106e722ae70e519192008c348d3cedf245f05225a22fce37c45619f51a52a1f8f9f51db849ba619d58112c24d08caeaf6db2fa5b41110e7b12298d6e4bf8ca1
- SSDEEP
  
  6144:sa0eTLgMMHT7VTBqo0UxdgBzTLzAQ75lmIGLrDbLrDMdyFFNHe1/EhNzIjEfQqqb:sa00LIHTZTsaksh2EfVqnu
Score

10^/10

kronos banker botnet evasion persistence
- Kronos
  banker botnet kronos
- Modifies security service
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

kronosbankerbotnetevasionpersistence

behavioral2

kronosbankerbotnetpersistence