General
Target: Skibdi.rar
Size: 8.9MB
Sample: 240531-p6n6mshe21
MD5: 2cafe641ac384c418e886c662b5587ab
SHA1: cc64dad0ea3668d129671c00efe93439200c8def
SHA256: ebdaeb6f096cc2650722bf5f0865e22b0ebb109501c73029b538e78053a56b2c
SHA512: be40aa3d714c676d1598fdba071b96793e6bddba738e2841405a842be9a1220829614c6bb9194cdb7247cd0ff0a7ba72d3b377b7f1f6b0f7c20524c39bc67556
SSDEEP: 196608:G6n7woEnbi1OqAihNXNfciltLgjnhbZrO8CgRVp4PJKzHX:G6n7VE1qAiv5Jsjhbw83PpWKzHX
Behavioral tasks
behavioral1: Skibdi/drv.dll on win10-20240404-en
behavioral2: Skibdi/drv.dll on win11-20240508-en
behavioral3: Skibdi/drv.dll on android-x64-arm64-20240514-en
behavioral4: Skibdi/rbx.exe on win10-20240404-en
behavioral5: Skibdi/rbx.exe on win11-20240508-en
behavioral6: Skibdi/rbx.exe on android-x64-arm64-20240514-en
Malware Config
Targets

Target: Skibdi/drv.dll
Size: 192KB
MD5: 6ee2a88665ddd9cf5f0ac3da3232fc88
SHA1: 78bf139d0e388067866c919376c033dbf3ae7c39
SHA256: dfc0065b0986bd34fce26b4b8578e3802c885e4aa9bf4a5e2bdb102576204573
SHA512: 764d2ba61aeadab5c00724338d61e8cf965ff65e9dad86831ef7372510395f8aeaf91bbf0df5d2c7a4b01f2a9d891ba65e10b6678a8c2a16de43eb6ad4ab17c0
SSDEEP: 6144:w5qJ7GTFBer2nSiEh/P9mFTnNrouVagwzUiYJ:4Q7EX+2SjhaTnNroMwzS
Score: 5/10
- Drops file in System32 directory

Target: Skibdi/rbx.exe
Size: 8.9MB
MD5: 7501a30689d4faa0a55324304b93b2f4
SHA1: 6a0eed79a4e81822dec9bb1d43d7e3997287a9b4
SHA256: 7b2b4143316526e892101745c666723e32bd3d1b65cf3418fb1638b5af0cc6b2
SHA512: d2c4d82573d1547a57497a9854510c930d1338d47dcdf650d3e5d57f305b1fd19f3d3518e99ad2b9363467daa36e89f1b9d606183265eb788184c6c486ff97ad
SSDEEP: 196608:qrOiHyZ7urErvI9pWjgaAnajMsbSEo23fQC//OoLxh2:cyZ7urEUWjJjIfoo4jLxh2
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.