General
-
Target
SkyFlick2.1_WIN11.zip
-
Size
22.7MB
-
Sample
230327-f96enabh73
-
MD5
6a51cc62a419ff0ce8e402f6078f01fc
-
SHA1
dac60e7e9cc63b90804674275b729e7bc5c8a1ee
-
SHA256
e1dcc9c259c78a051ead4ae56f9eabdb829bb7c832fe81af6f65f6b465b7f026
-
SHA512
a6c7624c3b78bcddd726dfffaeb13db329a4c75e0e91acf6d5fcd85492dacab06fe2644193c40adcb7c30802bbd34f8e6695bec2386b5e8257ab3f3b832b1efe
-
SSDEEP
393216:7lc13U2VRLLoSkywODQQmdL3aRWtBWH2uNxUMAF9WZNcswyRQojMYWVlHoGTyy2L:7l23r5njzUJdL3ZtB02uTLsucxy+vLHK
Behavioral task
behavioral1
Sample
SkyFlick2.1_WIN11/RealReboot.exe
Resource
win10v2004-20230220-es
Behavioral task
behavioral2
Sample
SkyFlick2.1_WIN11/ResetHWID.exe
Resource
win10v2004-20230220-es
Behavioral task
behavioral3
Sample
SkyFlick2.1_WIN11/SkyFlick2.exe
Resource
win10v2004-20230221-es
Behavioral task
behavioral4
Sample
SkyFlick2.1_WIN11/data/Ba6ZtH8y0KbD2.exe
Resource
win10v2004-20230220-es
Behavioral task
behavioral5
Sample
SkyFlick2.1_WIN11/data/bin.exe
Resource
win10v2004-20230220-es
Behavioral task
behavioral6
Sample
SkyFlick2.1_WIN11/data/bin.exe
Resource
win10v2004-20230221-es
Behavioral task
behavioral7
Sample
SkyFlick2.1_WIN11/data/drv64.dll
Resource
win10v2004-20230220-es
Behavioral task
behavioral8
Sample
SkyFlick2.1_WIN11/extension/Anti-Flag.exe
Resource
win10v2004-20230220-es
Behavioral task
behavioral9
Sample
SkyFlick2.1_WIN11/libcurl.dll
Resource
win10v2004-20230220-es
Behavioral task
behavioral10
Sample
SkyFlick2.1_WIN11/zlib1.dll
Resource
win10v2004-20230220-es
Malware Config
Targets
-
-
Target
SkyFlick2.1_WIN11/RealReboot.exe
-
Size
17KB
-
MD5
e3ff3e13aa2327bf56c2b9c7ff72da6c
-
SHA1
5d796ef224d2f45111819297b3098a3ef6ddd63d
-
SHA256
c4d9a85853ba58157ddc42235fbd576d7312f04fcb7e35f92a12915f8cb81ea6
-
SHA512
38217d461faf6a48670086ed0cc08242c087eb85769f5ba4935c23dff6a3e80a7c4cdd87a8dcf878d3a942f460006555b3dff1f7274dcd08c5541a9ce5c958a0
-
SSDEEP
384:l7E5glOubn/A/FQsDL27jq0JdVVIY9o3d+m:1pIyA/1cjq+HXq3km
Score 1/10
-
-
Target
SkyFlick2.1_WIN11/ResetHWID.exe
-
Size
2.6MB
-
MD5
d39c72eec8cde69944feda7cf386fd14
-
SHA1
694538c10ca8ba6a95791b528b857db118f7785b
-
SHA256
dc1f8e5c613b61e44cf394bbd36938ae90d432afcc6fbc90cbc07913419eca50
-
SHA512
5fb46167f6fcb27212f3516de1ee4fbb88ae1425da7ad82cd44f4db82409eecbc5115088a8d7492681ee35a7c5297947f9cb1de8a899ad81bee496384bb5c221
-
SSDEEP
49152:YJZ4qPVzHxJQ3zNJKaxPxFN1myo4UzfV/WX5RE/s/Td:kSqYJhx5FTmpB/WX5S/wd
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
SkyFlick2.1_WIN11/SkyFlick2.exe
-
Size
5.4MB
-
MD5
86a3d3a67b29fe9dd04f3cc865056245
-
SHA1
210c988487baacbc41dd8590b77688d8a03b81f1
-
SHA256
646dc44a15f576f31d4f357f2538bf5aec7bd92ed373b8a217daeee7a22e81c0
-
SHA512
d33dfb990b61ce9930469260cd643ef643ca79c66bfbb41e4e8b4f4e684f8abfac8936ce84667d6154b0c62de2cbbbc7fc4c4d6058a635d07366939207a131cc
-
SSDEEP
98304:uMaC/In9pCoFypqViZfw+1AFb8qTgDRr19pF2rKELuSLw3aOTy:naUIn9/Fyy+yoqgjRVELuwwqiy
Score 8/10
Downloads MZ/PE file
-
Sets service image path in registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
SkyFlick2.1_WIN11/data/Ba6ZtH8y0KbD2.sys
-
Size
3.5MB
-
MD5
dde5740b4bf6271bdb42da242c5535d8
-
SHA1
16476c591b781449440a7b468becc63b7daa33cd
-
SHA256
714b12277e64be16a900018fbb43fd34be88c3d959cf1985876369d34904d1d5
-
SHA512
463f5d36ae6bc9818edfd2a5c91430614d9c7f65f638ad40d44816c0c0d6e64af6c491e58ae6a43e908dd9c285f72c297d4b8bcdca2060499814a603c0c8e95b
-
SSDEEP
49152:BfecROe4BTjPTGBCZ5mMO7s8h+JXf6rsF/yzWU1buWkOB+5MT3LIRYoRV0D36rfj:BmcyRMi5JOcyAlyz7IODoRV0D36MHId
Score 1/10
-
-
Target
SkyFlick2.1_WIN11/data/bin.0
-
Size
5.3MB
-
MD5
5ee3604fac6e53dc2f3a4486ab9afcf6
-
SHA1
4a10abcd8ac6f75ee60d94eed5b07684a4e9117c
-
SHA256
318ee60258ac8cd34e0eed8d471fb0a11a3be56205cbb9d853dbded659f6c787
-
SHA512
bd28f9fb51f69c5a9926c3d2a60fa1888c70405a50ffd25586407857f792c2b373e5e04d78284f9c24a3151a296961c57f9dd2dd0dba4c4a1aab034d0b3bb8e0
-
SSDEEP
98304:17aA6O2V2/6K+yoHKEorpSFojMHa/0EexF2zAI8J5ktPCO0xtw2qHwJVtG:17aPO2c/6OoqjSFoE40E+fSWZqHwU
Score 5/10
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
SkyFlick2.1_WIN11/data/bin.1
-
Size
6.1MB
-
MD5
b357bc0d4c48a0481057d854c9168503
-
SHA1
bc729697648def321e6b78b27ae790bc149f6bb8
-
SHA256
5fb7783611fdcd76d9d57d7d2af6791357c3d41277dbc9e69e0a6431bb5949b1
-
SHA512
b4cd3f9796e329dc018529dcd331b90b6b61bd749ae644ef03fbf3db2e97040441e1b0d92a64d9306074160b0ce7fe1b298c210de082db751f712bf1f4edacb3
-
SSDEEP
196608:91aFJdepxzWiarz1yMOQbxCxl/95eYfNdyV:91avCxzGxy8bxEZ9Xdy
Score 7/10
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
SkyFlick2.1_WIN11/data/drv64.dll
-
Size
866KB
-
MD5
466d8d4bd03e1ae1dfb7cd2944747808
-
SHA1
d779e10cec5a7457d08b9d63e2f392202d1b9c4f
-
SHA256
b1817ee674e9a7b9eecacb8068eb7e5d6f45052106f0fef31d9eaf7e2eaf7f15
-
SHA512
1d18f517ae7f0fade4768616969ba0b6c9fcd1fc2d593e5321f1826f9313c6b2f976fe737094515e9585fd0bd4fbc832d879129f80d9136a6ab861ff9b962764
-
SSDEEP
12288:2hE7/OAnfbSJrD6n/Im5hkK9W4Iyo4J4b4zD3PRNhhIaqcMuceZDHlBtkSpJo7wl:l7/NfaejRHIyZJdX3pNh+PcNRHtkI
Score 3/10
-
-
Target
SkyFlick2.1_WIN11/extension/Anti-Flag.exe
-
Size
138KB
-
MD5
75645c600160e1e9973ce7b2a68badf8
-
SHA1
46d17296a5d04a7cab4ecf494b6c6e6c34638021
-
SHA256
d43495b3fce93bb8c9e24d5c9f4df0f93da02364b18a8a137a518e4218aeb7dd
-
SHA512
76200b07f37dd22f32bb3b6a1e6a00a5f24eabb63c1e9904e5fed21e7aebe0e44b95f8207b64d4579c44bac1deb3d36692a09987821c4bb8f2ba2df377cbf032
-
SSDEEP
3072:v2G3/l7spI6KroZmveReJ+RBysDNjNuhE1l8to9H3E5q4WzD:vbd7sIYDL2sDrual8C/4WzD
Score 1/10
-
-
Target
SkyFlick2.1_WIN11/libcurl.dll
-
Size
479KB
-
MD5
a773fd7caa6ee0b42ad5d9bad74b1f01
-
SHA1
325d625970d6ed18606858fee5281f2a51432ec6
-
SHA256
805979c09a14d249f3086053ef55c5a7d1a409dbba83c2e0ee80befcfc875aa3
-
SHA512
d6f5deae4b2472a9be53229939fb898e2a8bec1dad912a2d9af3d0b355e901e5ee502817c2a71d80fa49524c236d08221f988b0f23a6d3f6d18f5ea8285a4dbe
-
SSDEEP
12288:y/mw+ZFUm8PPObIY/fCmSwj0O79RiYpKlCuaxAQY:ywgPObIY/amSwj06lomA
Score 3/10
-
-
Target
SkyFlick2.1_WIN11/zlib1.dll
-
Size
87KB
-
MD5
cccf0510b3d50d1d458e1be8da1b64d5
-
SHA1
701e6655979f5066c4fe6bcec18982dd427a2c58
-
SHA256
76c186ade3e6c6bcf0b4adaa8fb1332f69290e1fd191872ed5cc8d32cbf767ea
-
SHA512
4db2dc29e4558c6f179bf6d41fa77740fe3f96033daa0327caf60df83e447ea0342b12cd612f7b551d8223e0457f6069e3b6c30c291c8c4ede3b089cadd9d04e
-
SSDEEP
1536:gk2qZPsTBdddWfPpFu/xHEvT9QIOcIOnXmZWAhJn:gNqZPsFddYfPpFsH+T9GSnXmZWAr
Score 3/10