General

  • Target

    SkermExec_BETA.exe

  • Size

    15.6MB

  • Sample

    240511-t4kgwsff8w

  • MD5

    6e032e42ee49ffc9e4972b7975c0d2ab

  • SHA1

    e9f0f40b262430d726cb4004f764ffb2b1e15bc7

  • SHA256

    f88be35812978768f93cf8b44e32025fa601b8674c061f755905605da5e4d0f3

  • SHA512

    a8d5490e173a8c88b7314a80fe75bb078fc2a99a82136412259b249e9a4846cde73eb639f8910fc3b280c681961e978e5ad3c04c7ac09517c5452b83b60d25aa

  • SSDEEP

    393216:to9Diaf5uxfBh2Jp5M/urEUWj8CEhM1thOfypXUSV:S9OeuvhNdbVh1MydV

Malware Config

Targets

    • Target

      SkermExec_BETA.exe

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar profile data.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      SkermExec BETA.pyc

    • Size

      67KB

    • MD5

      ef14553742002bbf88bfd7b940c226d8

    • SHA1

      e124f3980a4d4eb7bff3415cac213545c956c91c

    • SHA256

      3a7475d11e60d426a48dd3e49e53f2fc0def4154411634a8d306a94bedad8579

    • SHA512

      5e5a83c3acb006d6af0de0a32f1bcb99d8697e9efa916c4bafa805327243205f778a0030a43c2ef853f7e6a5375a3670264d44402115e6a3938f5921aabec988

    • SSDEEP

      768:jKPySSEcm2M26Khssz6or+01N0gd4q30hE2LXTxlwvOLYsfPGMmgt0AnjEUnrGFv:+SEh0e6LBE/xcGPGMmgtF4qrcnv

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks