Overview

overview

7

Static

static

1

sklauncher.txt

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    sklauncher.txt

  • Size

    166B

  • Sample

    230611-twelnsab2s

  • MD5

    0427fcae5bbf841920b94eff924445eb

  • SHA1

    dd1daa027824ce9be7e6f33e94909f7e337e6f59

  • SHA256

    fee6104b980415f47a3e1278098758f89e56663f0847e7a5eb7d82a53108447e

  • SHA512

    7fbd2dae44e923ffaba0371b1c554f990c1c14950e8da7aa56cb004b342d4107815ad9659bacc20f44e6dea0959a7874c371e94aef063a8a393d92b1757b1278

Score
7/10
adwarepersistencestealer

Malware Config

Targets

    • Target

      sklauncher.txt

    • Size

      166B

    • MD5

      0427fcae5bbf841920b94eff924445eb

    • SHA1

      dd1daa027824ce9be7e6f33e94909f7e337e6f59

    • SHA256

      fee6104b980415f47a3e1278098758f89e56663f0847e7a5eb7d82a53108447e

    • SHA512

      7fbd2dae44e923ffaba0371b1c554f990c1c14950e8da7aa56cb004b342d4107815ad9659bacc20f44e6dea0959a7874c371e94aef063a8a393d92b1757b1278

    Score
    7/10
    adwarepersistencestealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

      persistence

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks