kronos | c3b3fcc4d911d24473bf0a1b42e93de250b4ecf1b74632158a54c68013403613 | Triage

Sharing

General

Target

c3b3fcc4d911d24473bf0a1b42e93de250b4ecf1b74632158a54c68013403613
Size

263KB
Sample

221127-se2jfaba9s
MD5

b02ecc516834373f753b4a56428780f1
SHA1

9277f800d44bb7f9b184a8b517bcefc3a2dac752
SHA256

c3b3fcc4d911d24473bf0a1b42e93de250b4ecf1b74632158a54c68013403613
SHA512

78dba7da8f9891299baf98f62c3b8f1991a4a8d52eac4e5d16c831dd5371aec4ba5800faeb188fca3bf170a83cd437f78445a5d309d1d2b4b80af4b698531535
SSDEEP

6144:dPfLIcvFM9DZIhYz4sBc/p7ESYyq33Z7EIKTkq:GvsiIQtHZWk

Score

10^/10

kronos banker botnet persistence

Malware Config

Targets

- Target
  
  c3b3fcc4d911d24473bf0a1b42e93de250b4ecf1b74632158a54c68013403613
- Size
  
  263KB
- MD5
  
  b02ecc516834373f753b4a56428780f1
- SHA1
  
  9277f800d44bb7f9b184a8b517bcefc3a2dac752
- SHA256
  
  c3b3fcc4d911d24473bf0a1b42e93de250b4ecf1b74632158a54c68013403613
- SHA512
  
  78dba7da8f9891299baf98f62c3b8f1991a4a8d52eac4e5d16c831dd5371aec4ba5800faeb188fca3bf170a83cd437f78445a5d309d1d2b4b80af4b698531535
- SSDEEP
  
  6144:dPfLIcvFM9DZIhYz4sBc/p7ESYyq33Z7EIKTkq:GvsiIQtHZWk
Score

10^/10

kronos banker botnet persistence
- Kronos
  banker botnet kronos
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

kronosbankerbotnetpersistence

behavioral2

kronosbankerbotnetpersistence