krampus[.]zip | Triage

Sharing

General

Target

krampus.zip
Size

6.7MB
MD5

f3a0e48ad8641883f68cedf5f99aa6f9
SHA1

8b82bdd59ed671db5bccac3896d3bd85a6f96adf
SHA256

7216809508038bb48101492a4e93434173b059afb68200ef919557286032cee9
SHA512

a85e173d5a793ceb78a189ea04aa12a25633a0e82ce48152c2efaddf721fd9f3b0c34e2afa6665c32c20abc6489a4896697192059ee45ea447e1bf0ddfd7838d
SSDEEP

196608:buuP/flRYo4qb3xZ4YrT7zqylzEXryOyqI2bd0:bhnle8FHmgE73FIam

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/krampus/krampus/Loader5.6.exe

Files

krampus.zip
.zip
krampus/krampus/Loader5.6.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 7.8MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
krampus/krampus/READ ME (ro-exec).txt
krampus/krampus/README IF DOSEN'T WORK.txt
krampus/krampus/backup.zip
.zip
krampus/krampus/ezdebug.png
.png