Resubmissions

31-10-2022 13:00

221031-p8sa3sahh7 8

31-10-2022 12:40

221031-pv9yzaahf9 8

27-09-2022 19:25

220927-x49nkafddn 10

General

  • Target

    Skype-8.88.0.401.exe

  • Size

    84.6MB

  • Sample

    220927-x49nkafddn

  • MD5

    a354d5d832f5a63c996be3ba24f3793c

  • SHA1

    0eeabbd3654bcb95615ede909eca7f1d8cb1465e

  • SHA256

    bd4ed965fbab660df571953482137e91a5af1a23c8a471b583d87e65266f64b2

  • SHA512

    f745d04cae393227b344c4fe4ba1d9bdc36058527c1621fd38d19ccc6bdeb15dd4251e66e6db9a88ec41dd59ddf3de357920e58980ca089119416d92c9fc90fc

  • SSDEEP

    1572864:KuEsMZ2eMCgMHNRZzU9P9X6TalSU3OTW+CnamF+U4wYVcnywmh0yyHXFK9auqj:KeM0MNQ6Ty3a3CT+amdwq0yyHXFoqj

Targets

    • MassLogger

      MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.

    • Vidar log file

      Detects a log file produced by Vidar.

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
