69dda29b6280f37d8c24b240ed31dc4c37342283c9751de8dabf1f21235455d0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SkySky.7z
Size

455KB
Sample

230908-dsvwgsgc8v
MD5

fdbb5b3b639abc6657efe5645834847b
SHA1

757111f415c6621b945e73bc470f29cf4ead725e
SHA256

69dda29b6280f37d8c24b240ed31dc4c37342283c9751de8dabf1f21235455d0
SHA512

bac3ce3762b6eb543d1c6a4e7d87b36d67c0a0e12d6caa8754ff53b4320421f9d8237469873da2172ca4f5898f2e2e5b5a800b69ac82ec0e0d081e6950c0afbb
SSDEEP

12288:jpnEx0Q3xOMhmxU7YrazKYeZ5iBS4qFTokn6iSdJ:jNEx/3bB7YraeYeLirgoEsJ

Score

7^/10

aspackv2 persistence upx

Malware Config

Targets

- Target
  
  SkySky.7z
- Size
  
  455KB
- MD5
  
  fdbb5b3b639abc6657efe5645834847b
- SHA1
  
  757111f415c6621b945e73bc470f29cf4ead725e
- SHA256
  
  69dda29b6280f37d8c24b240ed31dc4c37342283c9751de8dabf1f21235455d0
- SHA512
  
  bac3ce3762b6eb543d1c6a4e7d87b36d67c0a0e12d6caa8754ff53b4320421f9d8237469873da2172ca4f5898f2e2e5b5a800b69ac82ec0e0d081e6950c0afbb
- SSDEEP
  
  12288:jpnEx0Q3xOMhmxU7YrazKYeZ5iBS4qFTokn6iSdJ:jNEx/3bB7YraeYeLirgoEsJ
Score

3^/10
behavioral1 behavioral2
- Target
  
  SkySky/ManicTimeVico.exe
- Size
  
  623KB
- MD5
  
  d9746c8d55bed7b372ccef704f96ddda
- SHA1
  
  61c6b8ba9108fc7617264bb7d58e163457946e5b
- SHA256
  
  afbfea15784c32277edf9d4c985d210c5c46baef46db1c6bed2d2a964d2b70fd
- SHA512
  
  e00d687bd7cee039c6eddddab2b89e26136f842bda19630de53220f3459a73a4bd2ba0c76267b977e265d7cdf98d21cd94d327fa143477a427ccd0a5fd57910e
- SSDEEP
  
  12288:N7djaB7OoRTQTR7djaB7OoRTQTDiiiiiiiiiiiiii:rGBJRTQTHGBJRTQTDiiiiiiiiiiiiii
Score

7^/10

persistence upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral3 behavioral4
- Target
  
  SkySky/QQMusic.dll
- Size
  
  54KB
- MD5
  
  379d6b89dd9f3d00b94f386e55442b91
- SHA1
  
  b0e9985c39d9f37c49f84d5a937c8a32580075bf
- SHA256
  
  2e5c9bd0403696748699db874437218f51af645a4b430e54fc2a7c1ee81f9c3f
- SHA512
  
  7106582f5809421628bb48d8f4c1ea71e04da5d7ce2540e2932fd6201d2b4767bb4f5841a2264b81f91b2f3af97bbb8fa14bea487eef7340963c50dabe148285
- SSDEEP
  
  768:tgWaFeh+TFS+M2SARmy6IMiMDhz7oE/2poJOZCIS0lzXRmvkrHZ2tIlhn9oWfGIs:tgWtojRm3IYh7N/GndZBTYtOVKWfI
Score

3^/10
behavioral5 behavioral6
- Target
  
  SkySky/QQMusic.pb.1.dll
- Size
  
  124KB
- MD5
  
  7f23b83024c17920c7065ab8e87955a5
- SHA1
  
  0cc85fffd32521e82b912240f6a183bae24f5f90
- SHA256
  
  2ac77756be3c35b9c43ded56fd09b5ae85b0ab0a9aeb3c47a08b89da89b8d515
- SHA512
  
  c7ddae8fcb2a3a2b660815362f75b078aab9fb4476a8b97329924efef53aaf3139e61b04ea446a132bd3afbe54504f05c911ed242e77af49c3984ccf0d991942
- SSDEEP
  
  1536:D9rRh+THM8aHgXitolPyP1uu9z7iZ157jYtOzOtYnB2jRfpb2HY:zlDolPpuHm1BUtJ0yRhb
Score

3^/10
behavioral7 behavioral8
- Target
  
  SkySky/Test.dll
- Size
  
  44KB
- MD5
  
  b3768c7f926732ce9b598d8ddbc588cd
- SHA1
  
  3f493b85f0c7d05eed778d19f2c0c79c69002be9
- SHA256
  
  217eb155c43f88ac3b64168d2f07ae167a14cc021a88ffdc96b91c64ec5d22e0
- SHA512
  
  8b32744a47198a71b5c42093b460ce587ec5708d74694a79d4138f315fc0b808230ad4270a8f25267f17a7b8f586740871bc920ac1c5e76c10db2677e944fcc1
- SSDEEP
  
  384:Xp6jxYYTpDj6r9YPn3GHkFQJimYyp7Mnk87fd3jyO4KjuVBu0zIPkitlwcdy/L:hYTpDj6hYPkJiryp6FjfuVBTnitK
Score

3^/10
behavioral10 behavioral9
- Target
  
  SkySky/_1.dll
- Size
  
  44KB
- MD5
  
  d3aa0ddbe70c03c83718687c7b457f2b
- SHA1
  
  f67cd39ec5aec879b604dfe3bc005e173d339749
- SHA256
  
  76220671d937a57e8aebd6c1a81d26dc8bbbfa6468c182c5a119fdd5590bb0d1
- SHA512
  
  f964c5c284dd90900352b7551a52472d294353739900913ca71e702756eb1af423489a408d9c110353350725c4a894cbcb0bde550fe534e065e53a9f436c8dfa
- SSDEEP
  
  384:CDN6YoBo9dN4HdXpUHwTd/TCRKjyj3poRVVlvlXNRcJuYDt0PGtf74Bjv:CD93gXpEwBTC6y3ylvldRcJ3tNty
Score

3^/10
behavioral11 behavioral12
- Target
  
  SkySky/_2
- Size
  
  118KB
- MD5
  
  fe59ae5254c9633ef54d76065efd1838
- SHA1
  
  a6f832e3e8aa936dc0b14f75b5f13369a4874340
- SHA256
  
  99d1c0a369fdc2a7070961d21e7e05544fa20d29e8f7add266ff4f993351e1ae
- SHA512
  
  f7e246ce9802638ef1c526ac905d7ac5a77f45995843770b19a0c86abf68177f102e915e061665fa76996e15f5c24d1b139c26e823cd4580012a6b8ee722ef54
- SSDEEP
  
  3072:OLQVTyTTkj7FzZVkGQUBmdhSJzBCBG9x8bCLTZTcIGQ+wL1VhJGsYL:OBo3VkGPBmdhSJzMBG8bMTZTcIGQ+wLk
Score

5^/10
- Drops file in System32 directory
behavioral13 behavioral14
- Target
  
  SkySky/_2.dll
- Size
  
  44KB
- MD5
  
  93d6e392d4988351d4c3700e45c02ce6
- SHA1
  
  bc0bb1f01167e15413c54a52f54b4e9b085403b4
- SHA256
  
  74163fabd8f98f96bb64216bcb9ebacbcae7d114df061a141ba1700c714ef544
- SHA512
  
  f4a8687789fa3161d18e1a09252aa0894ab14d99414482787251b9213a726105cbd123ecb12efc8ee4483a777bc0297604c52d0e22c1438a0d3182ff26f61c12
- SSDEEP
  
  384:R7btom7C918Yt9nbfAh8T1pUXpKAy5jqi2yBj7KTwGBguyr3dO/0PGtuMQ:1telp8iT1OX/82y1NGBgRr3ENt
Score

3^/10
behavioral15 behavioral16
- Target
  
  SkySky/_3.dll
- Size
  
  44KB
- MD5
  
  81daa0cf41fe022967b95e58b5a13496
- SHA1
  
  8dc3475513e9127c8e3dd0a754ff89af0457262c
- SHA256
  
  e1b55d6fd60ea04612b77d6fbe1b59d5ceddf03b4fd3b77f8b1f8765db40ff0e
- SHA512
  
  3e821578ae97d745b7016e60c496de26fb1cca7bb6f588535b3e22d79f8e1943c0c20d2e688c515820fd5ea7a4306159d9f9d6b9a506181834eacd87d39db774
- SSDEEP
  
  768:BByTJ2FkMnCJ89FwpUZjs3zt9LfzZn6tzr:byTJ2CMC+pjsDt97z4tzr
Score

3^/10
behavioral17 behavioral18
- Target
  
  SkySky/fntestdll.dll
- Size
  
  108KB
- MD5
  
  4dc3df2173419a275c92f56724b450ff
- SHA1
  
  633f9ea02f758c52b39633ae595e962954e2d68b
- SHA256
  
  8b7e6d8c7851bff5d8b70016b834262f466ae57011f1449c3efed8a5c3f08704
- SHA512
  
  603ad1fd521e678dea0ea9a438c053601f4b0ef34982f883b3ef7e859ca4f7a5d5ed95bb5b1ad86ea57c74f0ff9ed831dcbf3591114ec859ad2df88495e3822a
- SSDEEP
  
  1536:DcneWa35RTf6uYvCxf+QBwLFHn2rZCo6ctbtYe72:ZWe6uvxxI0N6ktj
Score

3^/10
behavioral19 behavioral20
- Target
  
  SkySky/manictimevico_00670000.pb.1.bin
- Size
  
  241KB
- MD5
  
  beb6682020b459f2b18e910c5c03f01a
- SHA1
  
  7460c172aba06b339e655ecc2cd7a7cdec963332
- SHA256
  
  32b5daa780d4e62220f08d415d2bf5a743b54c50f934c8a87654a2dbbdf98d38
- SHA512
  
  ee07f5897fdd1260bf066ac178b6d674797e90d480c68079384fc50e33e06781ac11184104ae7af09b358b9daa860e2bacd53a0e4311cd75bcf82f011fc1cbe1
- SSDEEP
  
  3072:smBBodF+pkpEYqjosX3kopcv94YFt3LBxDuWG1TRU:pjupLqjv0yS
Score

7^/10

persistence upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral21 behavioral22
- Target
  
  SkySky/vcruntime140.dll
- Size
  
  78KB
- MD5
  
  1b171f9a428c44acf85f89989007c328
- SHA1
  
  6f25a874d6cbf8158cb7c491dcedaa81ceaebbae
- SHA256
  
  9d02e952396bdff3abfe5654e07b7a713c84268a225e11ed9a3bf338ed1e424c
- SHA512
  
  99a06770eea07f36abc4ae0cecb2ae13c3acb362b38b731c3baed045bf76ea6b61efe4089cd2efac27701e9443388322365bdb039cd388987b24d4a43c973bd1
- SSDEEP
  
  1536:l9j/j2886xv555et/MCsjw0BuRK3jteopUecbAdz86B+JfBL+eNv:l9j/j28V55At/zqw+IqLUecbAdz8lJrv
Score

3^/10
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24