General
Target: Sky-Beta_Setup.zip
Size: 80.2MB
Sample: 240319-tsyv5sgc62
MD5: 5738b3716d9c09f902c8ebfc77bb463a
SHA1: 14934628611c053aca61c212a40239aa2cbd1c33
SHA256: 9429ec8822499a198cda14521355f7c9929fb957d1d50b7b08d51ef6f0223581
SHA512: 4e4705ff3377c25d946e96f2d8069068959a6cd8917bc813cfd45856831be924bf4f3c8b20a877680cf90844fbd3d14c9f26123c77ba295b221a611e67c85bf3
SSDEEP: 1572864:Aiuu1JTNhwgfiebBXkxqmSPQuhQTCfoNX/cPRHp1gzcY2BFQDt9:8u1JTNt66ukmSPQu+vmXgh2BFQDz
Static task: static1
Behavioral task: behavioral1
  Sample: Sky-Beta Setup 1.0.0.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: Sky-Beta Setup 1.0.0.exe
  Resource: win10-20240221-en
Behavioral task: behavioral3
  Sample: Sky-Beta Setup 1.0.0.exe
  Resource: win10v2004-20240226-en
Malware Config
Targets
Target: Sky-Beta Setup 1.0.0.exe
Size: 80.2MB
MD5: f35cdad9509e69a23a92f011429b363a
SHA1: 6d4785a2ca81dda97e8f16f83e676b5dc79966e3
SHA256: ddad1649d171367b307aa77f14b10826d6a5ae1d1dc1656ef1a7ddbe6ca43af3
SHA512: 5465a46dfffa5aa83d077640736b3ff0678843b67cdc6d6c26c02f09c6b35a7baf86fdb63be2575a911297041bd29b45132828e64407ec24d0068c58eead9736
SSDEEP: 1572864:JkJ39KfNXWLJ9MXY5B8ceyIS7nqYdd6hIEhSmnJZxRByudPXFPR:JnfNY9MA/vP7nMhJnzxRB5dPXdR
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- An obfuscated cmd.exe command-line is typically used to evade detection.