Overview

overview

10

Static

static

10

2024-05-14...or.exe

windows7-x64

9

2024-05-14...or.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    141s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    14/05/2024, 16:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-14_2c12966f39149ed4dcd09008db40968c_krakencryptor.exe

  • Size

    18.5MB

  • MD5

    2c12966f39149ed4dcd09008db40968c

  • SHA1

    b590dc736567a12c25d1d9caa46e2e53113bc36b

  • SHA256

    0f90fd78b6cab7c159880d10cd32d8185fc578763d75ce7f69576d6abaa5497a

  • SHA512

    e86aa2d48857c356e3a7ee68bfe16161b5577d3fb66bc0f0209a2469fa088fc0e787734385a789582bbd84cb986122fae69f976c8d7557417955e4ec34fd2f38

  • SSDEEP

    196608:pnlWyCw8ouzUWgXhzhb9fd5rqKuSDuZSGjdXhzhb9fd5rq/irSjVN8iNISwWYVi:Jl7fdpqz2uscfdpq/FXGV

Score
9/10
persistencespywarestealer

Malware Config

Signatures

  • Detects executables containing base64 encoded User Agent 1 IoCs
  • Detects executables packed with SmartAssembly 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-14_2c12966f39149ed4dcd09008db40968c_krakencryptor.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-14_2c12966f39149ed4dcd09008db40968c_krakencryptor.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    PID:1652

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\Costura\A9E749E1D3B172F60572AEAC17C151F6\32\bouncycastle.crypto.dll
    Filesize

    2.5MB

    MD5

    3551343fab213740bbb022e3a6dcf27b

    SHA1

    de67fb4f9d58db4a860a703c8d1f54ff00ff9b1f

    SHA256

    5530dff976bc0c889076b97ca695bdb97ef07f63449d32f893ed32398ed8bfe6

    SHA512

    e90f51053e1d4b0ea1f7458229de92174abf0781c766290da4de5cc8dfcfb730998252bf28b36ca5070978fdcea8b97f0aea6a47b875dd34173643ac0cb46c42

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Costura\A9E749E1D3B172F60572AEAC17C151F6\32\icsharpcode.sharpziplib.dll
    Filesize

    194KB

    MD5

    cc547565785085d77197950305ff88d6

    SHA1

    e2d92d4139ff587c9ae02ef00e0579da0a9c896a

    SHA256

    2c32b22249ca820844cb40305e6353e8ca2f52737e5f5ee13f6bb8b36ade7263

    SHA512

    c096df120453193d633e800cfbd86049327308f98ff05a042232048f2f9ff7f6143b7d7166214d030c030ae01652e673a6ecba0a1623814739dd9181e7aebfea

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Costura\A9E749E1D3B172F60572AEAC17C151F6\32\newtonsoft.json.dll
    Filesize

    683KB

    MD5

    6815034209687816d8cf401877ec8133

    SHA1

    1248142eb45eed3beb0d9a2d3b8bed5fe2569b10

    SHA256

    7f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814

    SHA512

    3398094ce429ab5dcdecf2ad04803230669bb4accaef7083992e9b87afac55841ba8def2a5168358bd17e60799e55d076b0e5ca44c86b9e6c91150d3dc37c721

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Costura\A9E749E1D3B172F60572AEAC17C151F6\32\sqlite.interop.dll
    Filesize

    1.3MB

    MD5

    8ee703ae220be11a81d3eaf4eb9106e7

    SHA1

    db7dc6a2f8887475bea01e7b3612c8d79c3500c1

    SHA256

    1272e3a910e0c5c6930bfb80e738b5842e447ad42496e3e10abc1380377e45f7

    SHA512

    4b13b270d175062ac6f69e905a81303089dd0225f4bf7cf149bfc6c54a3ee0ba938729eba00f0ca0bb56790cc8af0c86cac3bc3497791cd7518bbf65db4d6779

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Costura\A9E749E1D3B172F60572AEAC17C151F6\32\sqlite3.dll
    Filesize

    807KB

    MD5

    16a1612789dc9063ebea1cb55433b45b

    SHA1

    438fde2939bbb9b5b437f64f21c316c17ce4a7f6

    SHA256

    6deaec2f96c8a1c20698a93ddd468d5447b55ac426dc381eef5d91b19953bb7b

    SHA512

    d727ce8cd793c09a8688accb7a2eb5d8f84cc198b8e9d51c21e2dfb11d850f3ac64a58d07ff7fe9d1a2fdb613567e4790866c08a423176216ff310bf24a5a7e3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Costura\A9E749E1D3B172F60572AEAC17C151F6\32\system.data.sqlite.dll
    Filesize

    355KB

    MD5

    17bb52713d75f8b334a311bd27cf5f23

    SHA1

    24446d9f4e639454f36b6edcc187834a059b6082

    SHA256

    6c156f7cf30a6c1e2538e8ee8744f641a9270e9b3a1d5b13c8486ea8b8cd5b03

    SHA512

    33934dd07f98c87b4c86d0c60c64bfe5fa5bcd74f314af9069a0fcaa9a3bfefe331ab751652ced5fa100a490088f063421f0be14a7c6e995665c0ef5d01c168c

    Download Submit

  • memory/1652-0-0x000000007499E000-0x000000007499F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1652-1-0x0000000000C00000-0x0000000001E7E000-memory.dmp

    Filesize

    18.5MB

    Download

  • memory/1652-25-0x0000000074990000-0x000000007507E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1652-27-0x0000000061E00000-0x0000000061EB6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/1652-29-0x000000007499E000-0x000000007499F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1652-30-0x0000000074990000-0x000000007507E000-memory.dmp

    Filesize

    6.9MB

    Download