General

  • Target: krampus.zip
  • Size: 6.7MB
  • Sample: 240515-et34xsgf3y
  • MD5: f3a0e48ad8641883f68cedf5f99aa6f9
  • SHA1: 8b82bdd59ed671db5bccac3896d3bd85a6f96adf
  • SHA256: 7216809508038bb48101492a4e93434173b059afb68200ef919557286032cee9
  • SHA512: a85e173d5a793ceb78a189ea04aa12a25633a0e82ce48152c2efaddf721fd9f3b0c34e2afa6665c32c20abc6489a4896697192059ee45ea447e1bf0ddfd7838d
  • SSDEEP: 196608:buuP/flRYo4qb3xZ4YrT7zqylzEXryOyqI2bd0:bhnle8FHmgE73FIam

Score: 8/10

Targets

    • Target: krampus/krampus/Loader5.6.exe
    • Size: 7.8MB
    • MD5: cf09d3f1d78438e003feb105fe2f6d90
    • SHA1: fed0f385b5d2bb6e392ce23412ed36c9a1c39c96
    • SHA256: 1e76b2cde512e006d147f7b75afb43361dff5b60143d68b2bc1575b36d69508f
    • SHA512: ab00c69ca51491f3b096d9eecc7b205c847a07ca5f5ebc33c800e698202c0982c49c7301a89912548e8b0166e45de40b0c411cd0a630586c470f0a368a828682
    • SSDEEP: 196608:A3v65mVHWqmI3x57Dnnm02ApYF8+iWzJ:A/5V2qm0xl76/di

    Score: 8/10

    Signatures
    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15
