9fd10bf47b3cc8064550344ccc5bd40f94072ccca78254b7e464ec6f8bcf03ca | Triage

Sharing

General

Target

9fd10bf47b3cc8064550344ccc5bd40f94072ccca78254b7e464ec6f8bcf03ca
Size

478KB
Sample

230907-lvg2eagd26
MD5

c7cc2ba415dff80615ad2076befd7f87
SHA1

85a9da603305b79d21707aa6e9d97c51ac3b09f3
SHA256

9fd10bf47b3cc8064550344ccc5bd40f94072ccca78254b7e464ec6f8bcf03ca
SHA512

73a4a6dfe1d53d9690762903dcf8569bc3b2b9d64782f221401a1abfa628d9d0a7e3184e1385c2773f1d03037939471ce64163439a9314612c42d8f36b07c4ce
SSDEEP

12288:VSrjK/UYAh/FOOG3xld6VNfI2lbwG7Ki8RdBgN5cp1:grURqABrU1I2KG7K/BgN5cp1

Score

7^/10

aspackv2 persistence upx

Malware Config

Targets

- Target
  
  SkySky/ManicTimeVico.exe
- Size
  
  623KB
- MD5
  
  d9746c8d55bed7b372ccef704f96ddda
- SHA1
  
  61c6b8ba9108fc7617264bb7d58e163457946e5b
- SHA256
  
  afbfea15784c32277edf9d4c985d210c5c46baef46db1c6bed2d2a964d2b70fd
- SHA512
  
  e00d687bd7cee039c6eddddab2b89e26136f842bda19630de53220f3459a73a4bd2ba0c76267b977e265d7cdf98d21cd94d327fa143477a427ccd0a5fd57910e
- SSDEEP
  
  12288:N7djaB7OoRTQTR7djaB7OoRTQTDiiiiiiiiiiiiii:rGBJRTQTHGBJRTQTDiiiiiiiiiiiiii
Score

7^/10

persistence upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  SkySky/QQMusic.dll
- Size
  
  58KB
- MD5
  
  d3061f1f67664394011febe9f53664f2
- SHA1
  
  b0353a66c1d481cb7c49e2f2037de40fcb6a91dc
- SHA256
  
  bbd6380dc9652016eea5163fdfb933add8c3e06a88b627ec66007d19f549d4c8
- SHA512
  
  88bf39d51c5701acaa9d4117498df35937b96bed9910c09ed9f6f29eb453a115b4504689bbaddb88fef3dd70ea51ce2b3c05ffe33654cf5aa659a5f88e600777
- SSDEEP
  
  1536:Lchn8YlIiozzzFTiSltPpVAQvt03x/qWfI:LAtlxGvPpVAstYn
Score

3^/10
behavioral3 behavioral4
- Target
  
  SkySky/Test.dll
- Size
  
  44KB
- MD5
  
  bbed827300744af2f8ae88187af62523
- SHA1
  
  c819e4c1e2878a72be39b0fa43e74631309e87a1
- SHA256
  
  acdeeaf81d1eee4b04c44eacc01d392cde628fda031a78db5a170ac25bc74536
- SHA512
  
  250d08c61be61b654ea0e7e17105325154a7430b8cf2144dbba97fef4fe4ba87d117629f780e0d6db79cf573b6f05cf8b56f18fb78383c69f994e0ec70929549
- SSDEEP
  
  768:kB5aTxeVkE/tf9oqpUZDI3ztOpjgnMtx:kDaTxeSElfW/DIDtsBt
Score

3^/10
behavioral5 behavioral6
- Target
  
  SkySky/_1.dll
- Size
  
  48KB
- MD5
  
  1d35d1218217f4bf28ba0ae7af96e76a
- SHA1
  
  a24ab63c0e62f88bebc7813fccb41faf854cb259
- SHA256
  
  67683affc7aad2d8e90ea2ae7d684b88aa98e9e800c8c2123ceddae91de0a616
- SHA512
  
  590d18479a97b9c5eca6e6b75673143ac013cf25ef66eed023b218c6f4279728de0d8eee13459c6d57cbcef22e7fdd10fa2e7f13a093a63e42edfc0440fe9c8d
- SSDEEP
  
  384:nvFRSGoWo6dd8/9DdHkProTTZATyoFpxcFMlHY0hMpxAuuDt0PGtUdo/:vFLhUpMrwTZaVFllHYkMpxAttNth/
Score

3^/10
behavioral7 behavioral8
- Target
  
  SkySky/_2.dll
- Size
  
  48KB
- MD5
  
  6c4a7b2194a5a94d6b9586740e28f3f0
- SHA1
  
  1446c53b8a44113f9995de7997cefa93b676478f
- SHA256
  
  dcf157f71a48fe9ad172b5db89a5c9b471555686246489e35eddfde74f442ff9
- SHA512
  
  2ee42a4c5f34fb478f20969d8721245506c968af67f0a9f4cf239305dcf0bb1c4dae404f83a3804fe7d45bc1a0f559fa012bd1e2d620043ea900a9fb79f65a4a
- SSDEEP
  
  384:K0vTH8o0td7s89rdxtSfVTXnCLpNyJjim24C1j1gW4EeuSB6O/0PZtr2RT:K8H8pVRuNTXCLPo24CZKW4EeTBFut
Score

3^/10
behavioral10 behavioral9
- Target
  
  SkySky/fntestdll.dll
- Size
  
  112KB
- MD5
  
  222cb728a576c5e11a4f2544eeef52da
- SHA1
  
  9a4e98a2b63f662dcfff955c31f4e0859adf0964
- SHA256
  
  6e813ceecf905b9a769c88d0a6909749c9758fa166351fe5cb74f99f7090dd2f
- SHA512
  
  5bf3d19e0a1d6594097fa2cc7830c31cdf72da54da9d6d2ba8d69571c588363cd358675e2074b29d0365be6ff328121178b3486e7073aa3dc70d7e9f877c4f22
- SSDEEP
  
  1536:jGAml8LXVT/ZKCjNCF8k8gWkug+hXG2OL5Udp7FtsWn5s:jvLfhjb/kQVa+dp5tj
Score

5^/10
- Drops file in System32 directory
behavioral11 behavioral12
- Target
  
  SkySky/vcruntime140.dll
- Size
  
  78KB
- MD5
  
  1b171f9a428c44acf85f89989007c328
- SHA1
  
  6f25a874d6cbf8158cb7c491dcedaa81ceaebbae
- SHA256
  
  9d02e952396bdff3abfe5654e07b7a713c84268a225e11ed9a3bf338ed1e424c
- SHA512
  
  99a06770eea07f36abc4ae0cecb2ae13c3acb362b38b731c3baed045bf76ea6b61efe4089cd2efac27701e9443388322365bdb039cd388987b24d4a43c973bd1
- SSDEEP
  
  1536:l9j/j2886xv555et/MCsjw0BuRK3jteopUecbAdz86B+JfBL+eNv:l9j/j28V55At/zqw+IqLUecbAdz8lJrv
Score

3^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14