General
-
Target
SKM-2000012.exe
-
Size
16KB
-
Sample
220929-j7vf6aabd9
-
MD5
0320bf3e8314fa2f5f4d78c8a69d5aef
-
SHA1
3e158ac1149277ac5afc3937644fc3e9b48a2c26
-
SHA256
dea0baa27b4aec785704292890f0c33261fbf51e1cd857c39f563e36251b6430
-
SHA512
80e3dc604cdc5963bc9ef6f9b1ec2571fee076ba8726854dc1b1ce2fd4c968497a828b433dbc5ef200cd334db7580ce0899c95e057c172fdcb6e77fd4b25fc15
-
SSDEEP
192:BINVpJODMlmDJLMl3F8EfqD1Y9HJ2HoaNj4s3n61B2KWW40W6:qLODZLMl3epkHAHvNj4ZaW40W
Static task
static1
Behavioral task
behavioral1
Sample
SKM-2000012.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SKM-2000012.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
SKM-2000012.exe
-
Size
16KB
-
MD5
0320bf3e8314fa2f5f4d78c8a69d5aef
-
SHA1
3e158ac1149277ac5afc3937644fc3e9b48a2c26
-
SHA256
dea0baa27b4aec785704292890f0c33261fbf51e1cd857c39f563e36251b6430
-
SHA512
80e3dc604cdc5963bc9ef6f9b1ec2571fee076ba8726854dc1b1ce2fd4c968497a828b433dbc5ef200cd334db7580ce0899c95e057c172fdcb6e77fd4b25fc15
-
SSDEEP
192:BINVpJODMlmDJLMl3F8EfqD1Y9HJ2HoaNj4s3n61B2KWW40W6:qLODZLMl3epkHAHvNj4ZaW40W
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-