General
Target: SkermExecBETA.exe
Size: 45.6MB
Sample: 240512-q62x6shc8x
MD5: 45541b4af239a74c925dcf5c37d3a6b9
SHA1: 84a67d1d4441f4f6f9ca34be2af276363bdd27e8
SHA256: 8cf3d20e12d72d69beeb2e916dc6dd96d7538d73d39055d47ea127145ee5b73a
SHA512: ffec414e17167d1116f3e176fd8cb589603a103be3bd6312c9d643c2982370555e989c0060e7bb80c580d27d93255eba9b2866ba92913d297d6c2709a2dc64a0
SSDEEP: 393216:/o9Diaf5uxfBh2Jp5M/urEUWj8CEhM1thOfypXUSV:g9OeuvhNdbVh1MydV
Behavioral tasks
- behavioral1: Sample SkermExecBETA.exe, Resource win7-20240221-en
- behavioral2: Sample SkermExecBETA.exe, Resource win10v2004-20240508-en
- behavioral3: Sample RobloxPlayerBeta.pyc, Resource win7-20240215-en
- behavioral4: Sample RobloxPlayerBeta.pyc, Resource win10v2004-20240226-en
Malware Config

Targets

Target: SkermExecBETA.exe
Size: 45.6MB
MD5: 45541b4af239a74c925dcf5c37d3a6b9
SHA1: 84a67d1d4441f4f6f9ca34be2af276363bdd27e8
SHA256: 8cf3d20e12d72d69beeb2e916dc6dd96d7538d73d39055d47ea127145ee5b73a
SHA512: ffec414e17167d1116f3e176fd8cb589603a103be3bd6312c9d643c2982370555e989c0060e7bb80c580d27d93255eba9b2866ba92913d297d6c2709a2dc64a0
SSDEEP: 393216:/o9Diaf5uxfBh2Jp5M/urEUWj8CEhM1thOfypXUSV:g9OeuvhNdbVh1MydV

Signatures:
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.

Target: RobloxPlayerBeta.pyc
Size: 44KB
MD5: 22cd51656be31ef21a76672c219b7120
SHA1: 6fa8c3c9db327d41d964fef3a4c9d2667fc6dd3b
SHA256: 644307f1bbe3042aa0455b3877753cd40c83fb510fcde431d4a1eca2385b309e
SHA512: 3a00d927dc37adecc07f3dbdd17d6d75666723b7662b7cf6f2770d647579c9badb786266333c4a6a190d02b234e57d7ac6e9ce84dc6ebdbb34b44b968471b7dc
SSDEEP: 768:n9JWOezbYZEPvR9i/Hp52xXTYkPJnmfKKOBoTEFSe5f01AofOTsjxVDlhLx3NpJt:n9JW9fYZEPvRwRgxXZJnmiBoo01AIc0v

Score: 3/10