Overview

overview

10

Static

static

Skype-8.87.0.406.exe

windows7-x64

10

Skype-8.87.0.406.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Skype-8.87.0.406.exe

  • Size

    84.9MB

  • Sample

    220816-kap1vahdd7

  • MD5

    6a52b4efb00ea46c34f924acc2b2e289

  • SHA1

    feecc09bf944b9e663acdd2aa07e36f4f3b2a5ce

  • SHA256

    5b0dc5071cf7fdc13f1b2e10ef06c1161be85aec193ea7dd5ac8c60738fd6d5f

  • SHA512

    0081cbab52198a6ce08c52da51138ad653614e131542d533c68d57ab36c7d3d816bad61f622b8c3cbaf519e074c695837c1a02efbad928cb917a3af93e696046

Score
10/10
massloggerzloaderbotnetdiscoverypersistencespywarestealertrojan

Malware Config

Targets

    • Target

      Skype-8.87.0.406.exe

    • Size

      84.9MB

    • MD5

      6a52b4efb00ea46c34f924acc2b2e289

    • SHA1

      feecc09bf944b9e663acdd2aa07e36f4f3b2a5ce

    • SHA256

      5b0dc5071cf7fdc13f1b2e10ef06c1161be85aec193ea7dd5ac8c60738fd6d5f

    • SHA512

      0081cbab52198a6ce08c52da51138ad653614e131542d533c68d57ab36c7d3d816bad61f622b8c3cbaf519e074c695837c1a02efbad928cb917a3af93e696046

    Score
    10/10
    massloggerzloaderbotnetdiscoverypersistencespywarestealertrojan

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • Vidar log file

      Detects a log file produced by Vidar.

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks