f42c39305ae9cce6622a173a9d1a2b0886ff9edef2cd0957bc111d8a17062ecb | Triage

Sharing

General

Target

Krampus.zip
Size

390KB
Sample

240810-k6w42axfre
MD5

5ffd58d551c8e43ad90a68dd58ab617e
SHA1

10a6ff99eb062f89d2622398ec3602799833abb4
SHA256

f42c39305ae9cce6622a173a9d1a2b0886ff9edef2cd0957bc111d8a17062ecb
SHA512

f21758e744dedb2c8395dea47b28c6f903e026c5da8614c28719a80d11d24674580c9ea939dc7fdccc31b46d7173d49c36f0072e09b104fd8713e74cb3d221a2
SSDEEP

12288:LANUGCFJT0UD1oqt6ZVfZ6I6GWv8xx/6nuommZnhcS:LAmFJ7b0PhZW8x/6nl5ZhcS

Score

6^/10

discovery

Malware Config

Targets

- Target
  
  Launcher.bat
- Size
  
  724B
- MD5
  
  9edcc8710e562b5daeed73acaa17e2fd
- SHA1
  
  a3d7d0a26c3a058ff0b3a25c64d43397f1823d95
- SHA256
  
  f1ed443faa01092320e04e0231327bd59c6df7344ad0f46ca4885d28aa2afd60
- SHA512
  
  312fec45d3897ecc67285694a73d4fc7ef044b6f3aa1e6a9d5a8cee0b1b70204396b43fe014a4680c539427c070f199ff91f151fbdc2ae8e0d97f1b3fca3cb4a
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  conf
- Size
  
  156KB
- MD5
  
  bdec530c93a6d9dea9fb4ea147f1f44c
- SHA1
  
  c027d59a30392fcc0be410cb921352360bb08f7b
- SHA256
  
  4464be92e1a9c00e808fe6913afe721743e3e5f7693edb944499e3700ea6a308
- SHA512
  
  4042aeb8391a61b20f3c9d7581a098e333265583f00f80b70d56a0344c37a60d8c32bd0b9816d499ab27a0aa406e7a3ed3a4a7f87189d8c030de6dc4bfdc773c
- SSDEEP
  
  3072:p43rMpuwyY7tqkLl+UW22qluZwtGXYUfacYY63/KeBGI4Co:pirMpuwyY5qigqQatmYUfv63/sOo
Score

1^/10
behavioral3 behavioral4
- Target
  
  lua51.dll
- Size
  
  389KB
- MD5
  
  0d9372c4330d5b28facaecd6e79425db
- SHA1
  
  7f9bb438491ece766a82a780e52cbd65f5365352
- SHA256
  
  76ef35bf0dd866ac5afd584c44236bee1bb842b530390ad28936fe231ddd348f
- SHA512
  
  4f7d17acff71f3ff3955df4073c82efd1106608c62fe417b302e36a9071a345444b0087a1ec8fce76edf5e5fbf7f189d30307b34037b31c03e4788485f1468a9
- SSDEEP
  
  12288:miZ+ox9piQ8G27pC6Yyu5t60O0MJuAghAuNwABu:me19pm7pCuCt6+w
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  luajit.exe
- Size
  
  203KB
- MD5
  
  8ad49358425e90ff343ceffb5f210e45
- SHA1
  
  ea6ce5812b400d79633c40e2134fd83a5ced8864
- SHA256
  
  9eab36db66b73db1273f356db20658b91a0c2fb7879a86eedb32efb16fa13ef0
- SHA512
  
  37a9a8be869d6b1f179fb6764a6e90b314f7e9c1d8eb068ef0c23117309bc1ccb4313fb8fc914ba56c7da2d59ac5aa7e135e7dbff707654b343a901a43535cc5
- SSDEEP
  
  3072:unvavn6z2TMRXs0I0ziBev6pQBeXEmZQCJeoH6ctzJQel5axhtvbOEUgnuBKn7+T:uva5TMRXs0IKiBDbZt4Ggn77+ez3V8
Score

3^/10

discovery
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8