General

  • Target

    Kilogram.exe

  • Size

    16.2MB

  • Sample

    240423-y6v4mabe2z

  • MD5

    415d6c2e6cad1468ffe9dc9e45169d2c

  • SHA1

    c6bde1dc499d33582f81a369386a6f35b050b6b1

  • SHA256

    eb856f3b603839ef320a7223e1479662abfff6da84a289bddf693b299f3ab56d

  • SHA512

    92c5f3bab9e3df32d1f1dc7f6cb66b33cc578be4de13b80245d216e8a7fbb08ce49efd4e061508e9ee92def98d6a83e565f15cf1d43230bee9b442b187f939dc

  • SSDEEP

    393216:Wv90+5gDkTh2Jp5MwurEUWjsrz7E5PKk9buK+x:o9PvThidb8z7bkEK+

Malware Config

Targets

    • Target

      Kilogram.exe

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      Kilogram.pyc

    • Size

      45KB

    • MD5

      ad75a5f16493aae89db7464fc99a1fa9

    • SHA1

      7717e99da0fbf6039a3db22fcc79b7a105917943

    • SHA256

      fb1cbbe9945f0383210d82ec4ac025c96b84a2bd3422a370558e0e1e867f81c8

    • SHA512

      cbfafe03aa84dd5909d09678c57cbbab72c87a19ae41d6bdf280508bce675d3715704fee539406225e36c98c2a3e589655005731804cf241ebe1eb728151ee89

    • SSDEEP

      768:n9JWujqdLOCdVYORsHAaIi3sjSFY0AJvwm3UYIz67fl+X8EOe2W8DlhLx3V9:n9JWu2dLOeYORuIeqgY0AJJ3G2Dl+svh

    Score
    3/10

MITRE ATT&CK Matrix ATT&CK v13

  Tactic               Technique                       ID          Count
  Credential Access    Unsecured Credentials           T1552       1
  Credential Access    Credentials In Files            T1552.001   1
  Discovery            System Information Discovery    T1082       2
  Collection           Data from Local System          T1005       1
  Command and Control  Web Service                     T1102       1

Tasks