kronos | e7b12609740218f5ef48ef27d571ba3d4e9598f7d092a642f9765a75f12ac75c | Triage

Sharing

General

Target

e7b12609740218f5ef48ef27d571ba3d4e9598f7d092a642f9765a75f12ac75c
Size

365KB
Sample

221127-yg5lrsdf55
MD5

82f62bb57e727ebfdfa3f9017cca1e14
SHA1

4103c4defc71795d4cafd934ef248b8af66fdeae
SHA256

e7b12609740218f5ef48ef27d571ba3d4e9598f7d092a642f9765a75f12ac75c
SHA512

879aa92c054341a2649337f449ff70316fdb2efcb296d16f6062506a9fb704ddfeab5b8b2215146b4713973bf0607f8e0b54e7e781cc16afc58201326261413e
SSDEEP

6144:s6zOPr8Ilap+ML9KiPk6bgQyDx5oqezBbo9N/aMNFxuh5dSqqlJV7fI2ZCO6e/w:s6aPr8IlMHPPXvyt5WBbo9JauJzjtfIn

Score

10^/10

kronos banker botnet persistence

Malware Config

Targets

- Target
  
  e7b12609740218f5ef48ef27d571ba3d4e9598f7d092a642f9765a75f12ac75c
- Size
  
  365KB
- MD5
  
  82f62bb57e727ebfdfa3f9017cca1e14
- SHA1
  
  4103c4defc71795d4cafd934ef248b8af66fdeae
- SHA256
  
  e7b12609740218f5ef48ef27d571ba3d4e9598f7d092a642f9765a75f12ac75c
- SHA512
  
  879aa92c054341a2649337f449ff70316fdb2efcb296d16f6062506a9fb704ddfeab5b8b2215146b4713973bf0607f8e0b54e7e781cc16afc58201326261413e
- SSDEEP
  
  6144:s6zOPr8Ilap+ML9KiPk6bgQyDx5oqezBbo9N/aMNFxuh5dSqqlJV7fI2ZCO6e/w:s6aPr8IlMHPPXvyt5WBbo9JauJzjtfIn
Score

10^/10

kronos banker botnet persistence
- Kronos
  banker botnet kronos
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

kronosbankerbotnetpersistence

behavioral2

kronosbankerbotnetpersistence