General
Target: SkermExec_BETA.exe
Size: 15.6MB
Sample: 240511-t4kgwsff8w
MD5: 6e032e42ee49ffc9e4972b7975c0d2ab
SHA1: e9f0f40b262430d726cb4004f764ffb2b1e15bc7
SHA256: f88be35812978768f93cf8b44e32025fa601b8674c061f755905605da5e4d0f3
SHA512: a8d5490e173a8c88b7314a80fe75bb078fc2a99a82136412259b249e9a4846cde73eb639f8910fc3b280c681961e978e5ad3c04c7ac09517c5452b83b60d25aa
SSDEEP: 393216:to9Diaf5uxfBh2Jp5M/urEUWj8CEhM1thOfypXUSV:S9OeuvhNdbVh1MydV
Behavioral task behavioral1: Sample SkermExec_BETA.exe, Resource win7-20240221-en
Behavioral task behavioral2: Sample SkermExec_BETA.exe, Resource win10v2004-20240508-en
Behavioral task behavioral3: Sample SkermExec BETA.pyc, Resource win7-20231129-en
Behavioral task behavioral4: Sample SkermExec BETA.pyc, Resource win10v2004-20240508-en
Malware Config
Targets
Target: SkermExec_BETA.exe
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
Drops startup file
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Target: SkermExec BETA.pyc
Size: 67KB
MD5: ef14553742002bbf88bfd7b940c226d8
SHA1: e124f3980a4d4eb7bff3415cac213545c956c91c
SHA256: 3a7475d11e60d426a48dd3e49e53f2fc0def4154411634a8d306a94bedad8579
SHA512: 5e5a83c3acb006d6af0de0a32f1bcb99d8697e9efa916c4bafa805327243205f778a0030a43c2ef853f7e6a5375a3670264d44402115e6a3938f5921aabec988
SSDEEP: 768:jKPySSEcm2M26Khssz6or+01N0gd4q30hE2LXTxlwvOLYsfPGMmgt0AnjEUnrGFv:+SEh0e6LBE/xcGPGMmgtF4qrcnv
Score: 3/10