General
Target: KrnlsFiles.exe
Size: 7.7MB
Sample: 241215-zapgmsxpek
MD5: 6312471aa28c8c4f5fe03a45286fbae5
SHA1: c044ff2115040904d2930c9f8bdef82ee04f0a8f
SHA256: ccdd1ed00d7c84911a220628aa81ddc9d94853ccaa93ba096efad45828455c09
SHA512: cf1f5ad33ae4f11c5ac1b85cb0f3104e8dee4df3450b1268e510a7e981e7475bd6281346635ba77e5cdd7ddf57c03fc2509aa86c4206fd0d77e7562aba841045
SSDEEP: 196608:e2DD+kdJWwfI9jUCBB7m+mKOY7rXrZusoSDmhfvsbnTNeWv:jD5jdIHL7HmBYXrYSaUN9
Behavioral task: behavioral1
Sample: KrnlsFiles.exe
Resource: win10ltsc2021-20241211-en
Malware Config
Targets
Target: KrnlsFiles.exe
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
- Enumerates processes with tasklist
- Hide Artifacts: Hidden Files and Directories
MITRE ATT&CK Enterprise v15
Defense Evasion
  Hide Artifacts (2)
    Hidden Files and Directories (2)
  Impair Defenses (1)
  Obfuscated Files or Information (1)
    Command Obfuscation (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (3)
    Credentials In Files (3)