d3b861fab82e305bc0ed504731aa44fbe4717ef1536c7e7a3049b722d95e4c12 | Triage

Resubmissions

07-05-2024 17:20

240507-vwqvdaad85 4

07-05-2024 16:51

240507-vc4bcshf99 8

Sharing

General

Target

krampus.zip
Size

2.4MB
Sample

240507-vc4bcshf99
MD5

a6ff8476134d69ac2805e9fe6fc8a00d
SHA1

474821d771064683c3fb243b4ab36b3907b3d423
SHA256

d3b861fab82e305bc0ed504731aa44fbe4717ef1536c7e7a3049b722d95e4c12
SHA512

90f3070e11432194661fffb566526c5bd02d6dfa5daefd8e9f23b5d8ea46fb5e2a06d60385edcd4f93fe401d696f642dea21fb5686e426b37aff44ede417192d
SSDEEP

49152:yWRN8FlMWhpRkI91qIQ855/rMIzpwpibr5K6Rb2zAlosZ3QQw0Nlzwpp:yWRmFlMELkI3FzMIzpwpiRKQbjG0r5Ns

Score

8^/10

execution

Malware Config

Targets

- Target
  
  krampus/krampus/Loader5.4.exe
- Size
  
  5.4MB
- MD5
  
  852ac135a3723323566a0c226128913e
- SHA1
  
  49bfbcf275e5cbdc1bb838bd497fb5a32727c2a1
- SHA256
  
  07f15b10ba58970acf83de539bc55c726c1cab3c6ee872d4172a1070c983e306
- SHA512
  
  c0928b9de4c2b8bea188dc1ebbecc76000f3e2aff29fe450ec88de5d28764272f2692e48c761e27113a9617f0210cf9a50cf8c44087a140dcad3f8ace65b4a2c
- SSDEEP
  
  49152:dXBlVZgljh/jCY7894a1DTMqX/akC6lXVkjU9jD5EHsho/CSymeI7++k604TxNB/:5FlY7AgoC6l/Ert7BLQecp
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2