General

  • Target

    https://cdn.discordapp.com/attachments/1247328830645866629/1247329081372966972/Skiioh_0_delay.exe?ex=666395bb&is=6662443b&hm=b4afc7f82def25e5e5dec88afe2f1a920c109808e1a676d8d4009e4864e8e683&

  • Sample

    240607-dl1s6agf6z

Malware Config

Targets

    • Target

      https://cdn.discordapp.com/attachments/1247328830645866629/1247329081372966972/Skiioh_0_delay.exe?ex=666395bb&is=6662443b&hm=b4afc7f82def25e5e5dec88afe2f1a920c109808e1a676d8d4009e4864e8e683&

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Downloads MZ/PE file

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks