kronos | c9fe44239070bb2a048ea3c044471112f340049cacb87522de5adbc74d687bb2 | Triage

Sharing

General

Target

55c2663cfb4eb03f1e7d298fe4504d1a_JaffaCakes118
Size

282KB
Sample

240718-cmy6aatfla
MD5

55c2663cfb4eb03f1e7d298fe4504d1a
SHA1

61b2c80c8c8dd4935fa7cbfdcbecccd13b38bf12
SHA256

c9fe44239070bb2a048ea3c044471112f340049cacb87522de5adbc74d687bb2
SHA512

03a5b1e6f74da5d52342f910f66e000c1d7d37f52a59432f6cc1ba18020c907504260fd77070378348359fb0de5311edecb554ff17623d410915315f26a61399
SSDEEP

6144:CVl2IPffs2yJp8qTBqjMt26SMZ8FpD95qqDLuHzE1Q:sTDyJGqTsjMt2TM8FpD90qnuTEa

Score

10^/10

kronos banker botnet evasion persistence spyware stealer

Malware Config

Targets

- Target
  
  55c2663cfb4eb03f1e7d298fe4504d1a_JaffaCakes118
- Size
  
  282KB
- MD5
  
  55c2663cfb4eb03f1e7d298fe4504d1a
- SHA1
  
  61b2c80c8c8dd4935fa7cbfdcbecccd13b38bf12
- SHA256
  
  c9fe44239070bb2a048ea3c044471112f340049cacb87522de5adbc74d687bb2
- SHA512
  
  03a5b1e6f74da5d52342f910f66e000c1d7d37f52a59432f6cc1ba18020c907504260fd77070378348359fb0de5311edecb554ff17623d410915315f26a61399
- SSDEEP
  
  6144:CVl2IPffs2yJp8qTBqjMt26SMZ8FpD95qqDLuHzE1Q:sTDyJGqTsjMt2TM8FpD90qnuTEa
Score

10^/10

kronos banker botnet evasion persistence spyware stealer
- Kronos
  banker botnet kronos
- Modifies security service
  evasion
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

kronosbankerbotnetevasionpersistencespywarestealer

behavioral2

kronosbankerbotnetpersistencespywarestealer