kronos | da3579010191adc0aa1bdc287fbb338d9c4aea5b0ce39bb4f8af3d27bfc097ac | Triage

Sharing

General

Target

da3579010191adc0aa1bdc287fbb338d9c4aea5b0ce39bb4f8af3d27bfc097ac
Size

334KB
Sample

221127-tynblabf29
MD5

bbffe40abd328fb813488525582a739c
SHA1

e2d911da1f333a890224f5a2a64ff2519ffcd62c
SHA256

da3579010191adc0aa1bdc287fbb338d9c4aea5b0ce39bb4f8af3d27bfc097ac
SHA512

6b37392fbdfff463aca6e58a83cbaf7a7da4dddebe09fb0f442e503cda1a3d1c6501e054c6b6c921d1bcfa5bf41f3be9d0ed87cbceec51fe85bd113bf74020b5
SSDEEP

6144:P8hbjRDRuvYSggJCsiQbFzjRLdQPanA9fcW7DWaF:P8qYlcCVQbVjNK7/7DWaF

Score

10^/10

kronos banker botnet evasion persistence

Malware Config

Targets

- Target
  
  da3579010191adc0aa1bdc287fbb338d9c4aea5b0ce39bb4f8af3d27bfc097ac
- Size
  
  334KB
- MD5
  
  bbffe40abd328fb813488525582a739c
- SHA1
  
  e2d911da1f333a890224f5a2a64ff2519ffcd62c
- SHA256
  
  da3579010191adc0aa1bdc287fbb338d9c4aea5b0ce39bb4f8af3d27bfc097ac
- SHA512
  
  6b37392fbdfff463aca6e58a83cbaf7a7da4dddebe09fb0f442e503cda1a3d1c6501e054c6b6c921d1bcfa5bf41f3be9d0ed87cbceec51fe85bd113bf74020b5
- SSDEEP
  
  6144:P8hbjRDRuvYSggJCsiQbFzjRLdQPanA9fcW7DWaF:P8qYlcCVQbVjNK7/7DWaF
Score

10^/10

kronos banker botnet evasion persistence
- Kronos
  banker botnet kronos
- Modifies security service
  evasion
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

kronosbankerbotnetevasionpersistence

behavioral2