General

  • Target

    SKM_004202005000.exe

  • Size

    538KB

  • Sample

    201109-t8qzhbdzm6

  • MD5

    7b29ed387e5ee010639af0fad63d582b

  • SHA1

    b68dfa3f4220665d4c0bb90480305d79948e838e

  • SHA256

    51d5ab8487876cbc9c82c7450affdab67de13f1ff8b126f82fefa4281698ad59

  • SHA512

    d905c44ac09aaece6b72acf53897c273ecd36512f5ac5d054b4217bdd290aa4c4dee6262c4c85f9a1cd67abd7f0c102a4fdfec4deab0c99d813192cbca166b70

Malware Config

Targets

    • Target

      SKM_004202005000.exe

    • Size

      538KB

    • MD5

      7b29ed387e5ee010639af0fad63d582b

    • SHA1

      b68dfa3f4220665d4c0bb90480305d79948e838e

    • SHA256

      51d5ab8487876cbc9c82c7450affdab67de13f1ff8b126f82fefa4281698ad59

    • SHA512

      d905c44ac09aaece6b72acf53897c273ecd36512f5ac5d054b4217bdd290aa4c4dee6262c4c85f9a1cd67abd7f0c102a4fdfec4deab0c99d813192cbca166b70

    • 404 Keylogger

      Information stealer and keylogger first seen in 2019.

    • 404 Keylogger Main Executable

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks