Overview
- Overview: score 10/10
- Static: score 7/10
- krampus.rar (windows7-x64): score 3/10
- krampus.rar (windows10-2004-x64): score 3/10
- krampus/9W...Oc.exe (windows7-x64): score 1/10
- krampus/9W...Oc.exe (windows10-2004-x64): score 1/10
- krampus/bypass.exe (windows7-x64): score 10/10
- krampus/bypass.exe (windows10-2004-x64): score 8/10
- krampus/token.txt (windows7-x64): score 1/10
- krampus/token.txt (windows10-2004-x64): score 1/10
General
- Target: krampus.rar
- Size: 12.6MB
- Sample: 240426-r5c34adg87
- MD5: 91ca00a1ef292ac54dd6a88aec3c20a0
- SHA1: 39b9adc83b78c77af5f14409f99a194920fa7205
- SHA256: 402bcb097fe94f79072e2372d5e082dd0d91d6b8dc3f66435a7fc3f143adc33f
- SHA512: a531f5dce2039a9ca0ecad26d3b8d18c7b5e9feb22d9b5d21eaab23493320f9d5f30dc034335bd416706fb7b10ef27b3b51cbd20fc9ed70f0eee43254d009c8c
- SSDEEP: 393216:ec8FNsBLVoNTJFQ+QoIYQSo4j4WVUX5KpEUVr+:ejuB6NTJkoIkVKX5EEya
Behavioral tasks
- behavioral1: krampus.rar, resource win7-20240215-en
- behavioral2: krampus.rar, resource win10v2004-20240419-en
- behavioral3: krampus/9WTn3BjK3u2drMyMpZtkaOc.exe, resource win7-20240221-en
- behavioral4: krampus/9WTn3BjK3u2drMyMpZtkaOc.exe, resource win10v2004-20240419-en
- behavioral5: krampus/bypass.exe, resource win7-20231129-en
- behavioral6: krampus/bypass.exe, resource win10v2004-20240419-en
- behavioral7: krampus/token.txt, resource win7-20240221-en
- behavioral8: krampus/token.txt, resource win10v2004-20240419-en
Malware Config
Targets
Target: krampus.rar
- Size: 12.6MB
- MD5: 91ca00a1ef292ac54dd6a88aec3c20a0
- SHA1: 39b9adc83b78c77af5f14409f99a194920fa7205
- SHA256: 402bcb097fe94f79072e2372d5e082dd0d91d6b8dc3f66435a7fc3f143adc33f
- SHA512: a531f5dce2039a9ca0ecad26d3b8d18c7b5e9feb22d9b5d21eaab23493320f9d5f30dc034335bd416706fb7b10ef27b3b51cbd20fc9ed70f0eee43254d009c8c
- SSDEEP: 393216:ec8FNsBLVoNTJFQ+QoIYQSo4j4WVUX5KpEUVr+:ejuB6NTJkoIkVKX5EEya
- Score: 3/10
Target: krampus/9WTn3BjK3u2drMyMpZtkaOc.exe
- Size: 6.0MB
- MD5: 7943be58fd41da2c7797d8dcc64492f6
- SHA1: 0c98ecdd366a9c7b5c983f37dafde36f4a3d9ae0
- SHA256: e6e2b09d02d832aa0125ca0edd91b6355ed7894486df984bedd3540ef443540f
- SHA512: be7ab190c664496c72e9d63248bd12f1cab6b4c0bd16e3f9c74234f6fc6486777870bb96cde9fbafd7a1dc195df3cf7379c57ed672fbbcf5e5631bd243e1336a
- SSDEEP: 98304:53LZlfmLzff34R/UOcPUfUjH+nXGygrU9ND5DlIl+QyLb4L+DfRLXoV/A:5Yf6XaQU7ht455yl+zi+1A/
- Score: 1/10
Target: krampus/bypass.exe
- Size: 7.4MB
- MD5: d3c5584fe92fd455a11fbd471367ed19
- SHA1: 27fbd1494dd1bb3fc342e0d154d488bf1f13840b
- SHA256: 1d66de5a2e89363766d2c02a734a5d9ad042818c215845db86b35723be291ead
- SHA512: a7a8b8cfe8628214b68d57abbea35d8c504f21bdd15a64224e834321e5afa093a7fa8db4dd069b043ddb2b31a73aa628958d656eae3c1eae2662ee50f36df668
- SSDEEP: 196608:wXyQEUBhASXJXbaH0WE1tTrvOfnDbuQ07t:EE8ASR9WiNunDbuQ07t
- Score: 10/10
Signatures:
- Modifies security service
- Creates new service(s)
- Sets service image path in registry
- Stops running service(s)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
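The "Writes to the Master Boot Record (MBR)" signature is the one finding here that survives a reinstall of the operating system, so a responder wants a way to check sector 0 of the affected disk offline. The following is an added example, not code from the sandbox report or from the analysed sample: it reads a 512-byte MBR (for instance the first sector of a disk image acquired from the host), validates the 0x55AA boot signature, parses the partition table, and hashes the bootstrap-code region (bytes 0..439) separately from the disk signature and partition table, so a bootkit that replaces the loader while leaving the partitions intact still differs from a known-good baseline. The CLEAN/TAMPERED sectors, the partition layout and the prologue bytes are constructed test data.

```python
"""Offline MBR integrity check (added example; sectors below are constructed, not from the sample)."""
import hashlib
import struct
import sys
from dataclasses import dataclass

MBR_SIZE = 512
BOOTCODE_LEN = 440        # bootstrap code occupies bytes 0..439
DISK_SIG_OFF = 440        # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446      # four 16-byte partition entries, bytes 446..509
BOOT_SIG = b"\x55\xaa"    # bytes 510..511
ENTRY_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


@dataclass
class Partition:
    bootable: bool
    ptype: int
    lba_start: int
    sectors: int


def parse_partitions(mbr):
    """Return the non-empty entries of the partition table."""
    parts = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and sectors == 0:
            continue
        parts.append(Partition(status == 0x80, ptype, lba_start, sectors))
    return parts


def bootcode_sha256(mbr):
    """Hash only the bootstrap code: the disk signature and partition table legitimately
    differ between machines and change on repartitioning, the loader should not."""
    return hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()


def check_mbr(mbr, baseline_bootcode_sha256):
    """Return a list of findings; an empty list means the sector looks intact."""
    if len(mbr) != MBR_SIZE:
        return [f"sector is {len(mbr)} bytes, expected {MBR_SIZE}"]
    findings = []
    if mbr[510:512] != BOOT_SIG:
        findings.append("missing 0x55AA boot signature")
    if bootcode_sha256(mbr) != baseline_bootcode_sha256:
        findings.append("bootstrap code (bytes 0-439) differs from baseline")
    parts = sorted(parse_partitions(mbr), key=lambda p: p.lba_start)
    n_boot = sum(p.bootable for p in parts)
    if n_boot != 1:
        findings.append(f"{n_boot} partitions flagged bootable, expected 1")
    for i, p in enumerate(parts):
        if p.lba_start == 0:
            findings.append(f"partition type 0x{p.ptype:02x} starts at LBA 0, overlapping the MBR")
        if i and p.lba_start < parts[i - 1].lba_start + parts[i - 1].sectors:
            findings.append(f"partition at LBA {p.lba_start} overlaps the previous entry")
    return findings


def build_mbr(bootcode, partitions):
    """Assemble a constructed sector from bootcode and (bootable, type, lba, count) tuples."""
    buf = bytearray(MBR_SIZE)
    buf[:BOOTCODE_LEN] = bootcode[:BOOTCODE_LEN].ljust(BOOTCODE_LEN, b"\x00")
    buf[DISK_SIG_OFF:DISK_SIG_OFF + 4] = b"\x11\x22\x33\x44"   # arbitrary constructed disk signature
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, buf, PART_TABLE_OFF + 16 * i, 0x80 if bootable else 0x00, ptype, lba, count)
    buf[510:512] = BOOT_SIG
    return bytes(buf)


# constructed "known good" sector: conventional prologue (xor ax,ax / mov ss,ax / mov sp,0x7c00) padded with NOPs
CLEAN_BOOTCODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOTCODE_LEN - 7)
LAYOUT = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 1000000)]
CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, LAYOUT)
BASELINE = bootcode_sha256(CLEAN_MBR)
# constructed bootkit-style overwrite: the loader is patched to jump elsewhere, partition table untouched
TAMPERED_MBR = build_mbr(b"\xea\x00\x7c\x00\x00" + CLEAN_BOOTCODE[5:], LAYOUT)

if __name__ == "__main__":
    # usage: python mbr_check.py <sector0.bin> <baseline_bootcode_sha256>; with no arguments it checks the constructed sample
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as f:
            sector = f.read(MBR_SIZE)
        findings = check_mbr(sector, sys.argv[2])
    else:
        findings = check_mbr(TAMPERED_MBR, BASELINE)
    print("\n".join(findings) or "no findings")
```

The baseline hash has to come from a trusted source (a clean image of the same build, or the sector captured before the incident); comparing against the infected disk's own sector proves nothing. On a live Windows host the sector can be read from \\.\PhysicalDrive0 with an administrative token, but reading it from an acquired image is preferable, since a bootkit that is already resident can filter what the running system sees.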
Target: krampus/token.txt
- Size: 12B
- MD5: e035b678949309293a0a419c20fd603c
- SHA1: cd704a7fbb6aa33b5ea9eb111c2efaf1c9181efa
- SHA256: 42fa94d9e0662dc5447beac7742aa19ca864e271f1b7fad83c3b52f24ce6d596
- SHA512: d99b158a4feca48a94fdcb74da103b2136ee12c7aa81cdfce2600320c874b694ac4bd8906fda9d8667568c6a5284ecf62a6f72b9ae352d1670521d04d8f58912
- Score: 1/10
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (T1543): 3
  - Windows Service (T1543.003): 3
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Pre-OS Boot (T1542): 1
  - Bootkit (T1542.003): 1
Privilege Escalation
- Create or Modify System Process (T1543): 3
  - Windows Service (T1543.003): 3
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
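The Windows Service rows in the matrix correspond to the "Creates new service(s)" and "Sets service image path in registry" signatures on bypass.exe. When a service is registered through the Service Control Manager, it is services.exe that writes the ImagePath, Start and Type values under HKLM\SYSTEM\CurrentControlSet\Services\<name>; a process that writes those values itself is registering a service behind the SCM's back. The detector below is an added example, not code from the sandbox report or from the Triage project: it runs over constructed Sysmon Event ID 13 (registry value set) records in a pipe-delimited form chosen for the example, flags Services keys written by anything other than services.exe, flags ImagePath values in user-writable directories, and correlates the per-service values so a boot-start kernel driver registered outside the SCM is reported as such. The record layout, the process names (dropper.exe), the service names (svc_example, UpdaterSvc) and the paths are all constructed and do not come from the report.

```python
"""Hunt for services registered by direct registry writes (added example; records are constructed)."""
import re
from dataclasses import dataclass

# HKLM\SYSTEM\<ControlSet>\Services\<name>\<ImagePath|Start|Type>
SERVICES_VALUE = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\([^\\]+)\\(ImagePath|Start|Type)$",
    re.IGNORECASE,
)
# directories a service binary registered by an installer should not normally live in
USER_WRITABLE = re.compile(r"\\(Users|ProgramData|Temp|AppData|Downloads|Public)\\", re.IGNORECASE)
SCM_IMAGE = r"c:\windows\system32\services.exe"   # legitimate writer of these values
DRIVER_TYPES = {0x1, 0x2}                          # SERVICE_KERNEL_DRIVER, SERVICE_FILE_SYSTEM_DRIVER
BOOT_START = {0, 1}                                # SERVICE_BOOT_START, SERVICE_SYSTEM_START
DWORD_RE = re.compile(r"0x([0-9a-f]+)", re.IGNORECASE)


@dataclass
class Finding:
    service: str
    reason: str
    image: str
    value: str


def parse_record(line):
    """Split one constructed record: EventID|UtcTime|Image|TargetObject|Details.
    Returns None for anything that is not an Event ID 13 record."""
    parts = line.rstrip("\n").split("|", 4)
    if len(parts) != 5 or parts[0] != "13":
        return None
    return parts[1], parts[2], parts[3], parts[4]


def dword(details):
    """Sysmon renders REG_DWORD data as 'DWORD (0x00000001)'; return the integer or None."""
    m = DWORD_RE.search(details)
    return int(m.group(1), 16) if m else None


def analyze(records):
    """Return Findings for service keys written outside the SCM or pointing at user-writable paths."""
    findings = []
    values = {}     # service -> {value name (lowercase): details}
    direct = set()  # services whose values were written by a process other than services.exe
    for line in records:
        rec = parse_record(line)
        if rec is None:
            continue
        _ts, image, target, details = rec
        m = SERVICES_VALUE.match(target)
        if not m:
            continue
        service, valname = m.group(1), m.group(2).lower()
        values.setdefault(service, {})[valname] = details
        if image.lower() != SCM_IMAGE:
            direct.add(service)
            findings.append(Finding(service, f"{m.group(2)} written directly by {image}, bypassing the SCM", image, details))
        if valname == "imagepath" and USER_WRITABLE.search(details):
            findings.append(Finding(service, "ImagePath points into a user-writable directory", image, details))
    # correlation: a driver with boot/system start registered behind the SCM is the bootkit/rootkit pattern
    for service in sorted(direct):
        vals = values[service]
        if dword(vals.get("type", "")) in DRIVER_TYPES and dword(vals.get("start", "")) in BOOT_START:
            findings.append(Finding(service, "boot/system-start kernel driver registered outside the SCM", "", vals.get("imagepath", "")))
    return findings


# constructed Sysmon Event ID 13 records (EventID|UtcTime|Image|TargetObject|Details); nothing here is from the report
SAMPLE_RECORDS = [
    r"13|2024-04-26 15:07:01.100|C:\Windows\System32\services.exe|HKLM\SYSTEM\CurrentControlSet\Services\Spooler\ImagePath|%SystemRoot%\System32\spoolsv.exe",
    r"13|2024-04-26 15:07:02.300|C:\Users\victim\AppData\Local\Temp\dropper.exe|HKLM\SYSTEM\CurrentControlSet\Services\svc_example\ImagePath|\??\C:\Windows\System32\drivers\example.sys",
    r"13|2024-04-26 15:07:02.310|C:\Users\victim\AppData\Local\Temp\dropper.exe|HKLM\SYSTEM\CurrentControlSet\Services\svc_example\Start|DWORD (0x00000000)",
    r"13|2024-04-26 15:07:02.320|C:\Users\victim\AppData\Local\Temp\dropper.exe|HKLM\SYSTEM\CurrentControlSet\Services\svc_example\Type|DWORD (0x00000001)",
    r"13|2024-04-26 15:07:05.000|C:\Windows\System32\services.exe|HKLM\SYSTEM\CurrentControlSet\Services\UpdaterSvc\ImagePath|C:\ProgramData\Updater\upd.exe",
    r"1|2024-04-26 15:07:06.000|C:\Windows\explorer.exe|-|-",
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_RECORDS):
        print(f"[{f.service}] {f.reason}: {f.value}")
```

The direct-write rule is the one that matters for the behaviour in this report: a dropped driver placed under System32\drivers (the report also lists "Drops file in System32 directory") will pass a path-based allow-list, but the write to its Services key still comes from the dropper rather than from services.exe. Remote service creation through the SCM and legitimate installers both go through services.exe, so expect few false positives from that rule; the user-writable-path rule is noisier and is best treated as a triage signal.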