General

  Target: skycheats.zip
  Size: 19.9MB
  Sample: 240629-axe42swfma
  MD5: 653d5558f37f9ba3cc46b0374fb5a354
  SHA1: 061a198dfadeffad17d7718f34dbfa4ddb47b297
  SHA256: a2fd4c35d6757aac014b5e188e3136e885184e02c57454a7db1b6792e3f395c2
  SHA512: 186e166de3d75b5db3eae8248cb120441e972b2b68c2dac2904e6a9e5a6fdc352a90c9c90544768473c7c4e313b8d9ea51fb6c7db43974ecf9d03036225f187b
  SSDEEP: 393216:D210rqPtGCQ17Ei0DXidu2oQpxz2k2pQIp2/MkQgHt++TFwII:qq2PVQ1IiyC/oQpxz2IIsf1ZnI

Targets

  Target: skycheats/DismApi.dll
  Size: 1.0MB
  MD5: f27f60985b6f8a0c7489275a5d06466b
  SHA1: 6391846acdb7a2b4ae7b1ed69e1c1eb2a355d3d7
  SHA256: 1259c57df7da9fe7e0de44e7fa728a449a9edc7836ba1478e6cfbe79dd9416d4
  SHA512: 0ad8d5128e70859dd18dea751c1e29a218f8955748bf132dea2516fe86bac172bcbcabb0baa04cb602f34dfaa84effe6e3480b16e9e3be2298136774a8bf3079
  SSDEEP: 12288:QJXA1K0dXa3+lPMXFR4GrKfZq812dclyGU34Gn9CcDU7asUw3S:GXAZ/lPMXFR4XZq4U9GUoSDeNS
  Score: 1/10

  Target: skycheats/KBDCZ1.DLL
  Size: 8KB
  MD5: 36f5be56fa0fac0499c1070d02657b2e
  SHA1: 9aba22a07a3ac49e386e9cdd1d8398176aee07fa
  SHA256: 9c6ec975a8328f4dad225503d7fd3dbdc82fdb9e855319e579e992212236b63d
  SHA512: 72d4f320fd6d7f7a705014d266a3449d480ae1a5bfa197e7ff5bcbe36aff295f2a187a23af12cdfc69ef8ce826d6cb0d5e0dad3339a49a3d7d6f336e24a74ad1
  SSDEEP: 96:5dYKZVX4YwI0Q1q15zljKLBWFE0e+Lpmy+HgQKUWNcWw6vv:52wVNq15hjQWCdfKUWNcW5
  Score: 1/10

  Target: skycheats/KBDDA.DLL
  Size: 7KB
  MD5: 2bfb2b68a666f20a5d536dedb54899c9
  SHA1: 218154a69c400ef97722c81a4b9bdba3ce3fea95
  SHA256: feb2577d5a528ef3a1f5138c4b4131598715e92181e8dfc6c4f4a9da0c951fdc
  SHA512: 2b1b2e1206bccbd262757f62c9369cb76c1afafcd2295973fbd0895bc4774eadfa5bdb1ce3efde07ca81df86b9cd4e3506e858aee570c6be98388846aa8bd18b
  SSDEEP: 96:5dW4VHx05Oqh9lIkOMadeusQR9KWuRRWw:5g6AOqh3IkOMCs8KWORW
  Score: 1/10

  Target: skycheats/KBDGAE.DLL
  Size: 7KB
  MD5: 15b272094455cc4949c0ba2f6f5f79c9
  SHA1: e1739d32667be730a383cad6caa585eb8227f037
  SHA256: 6bfa4640818694b9645478b97cf1b1d6c80602f855716bca6753239b8b3353a9
  SHA512: bc1ea1be36fea4a86fc08a713a6db3c3c131c45cf4a23eae8ed69cbc55496fcb723149e6acd512e12d81921cf0b7fe166dff6b4cd15dad1395f257c66a2360a8
  SSDEEP: 96:5dHJt6yZsdVdQN1Tk+bBloYxwBUpo9u9mMqwWu3Ww98kvv:53ofdWTkablTqwWu3W+
  Score: 1/10

  Target: skycheats/KBDSL1.DLL
  Size: 8KB
  MD5: 0675b97fdc36315be8561319cfc2f432
  SHA1: 808fa04f3dc10e4837c4d21386add597ea2338ff
  SHA256: 7866d07857786566a6d16dbe9c89e9a5b34db5488eb7aef2ee874154a86cb071
  SHA512: 0089fd63ec3c7ff199b384b4e307767c0214af7ea3cd05c71089ef72e59e7983b22000c257d2da66eb11fa3b50f13b8c19995120b1bed171a04e6f44ac0809c1
  SSDEEP: 96:5dwxVX4YwISLK19SmjT0S2QLYFZc0eWjpm6+HQNiswQCWXt2dWw6:5GxVwm9SmH/2RcdeQsZCWdaW
  Score: 1/10

  Target: skycheats/KBDUGHR.DLL
  Size: 7KB
  MD5: 2c81ba2ed8469d45dbc10aba4d956599
  SHA1: 97ac0d4c0ce92faf034406172dbaec25aceb1838
  SHA256: 8b765a00a37332396501ae88b43499baf298dd812544c02ad4436382c50304e5
  SHA512: 681390bfdd8fbbd4e7dffb64394162976593e6ef1334e65f4a743aedbd7c9babc105b1cda963bfec165190ff362c16c949c84480f2b6549c7a21168418ec185f
  SSDEEP: 96:5djHeKwIFacm+9VqaM2DyNc8XEWr9EWwjvvNovP:59+EFacv9VpHEEWr9EWAvNw
  Score: 1/10

  Target: skycheats/d2win.dll
  Size: 160KB
  MD5: 9071ccf74a0956e5116e0541ef36fbda
  SHA1: 4664d50688fae64b27d7b244ddb0abff695da9d8
  SHA256: b558c1b55325c0935e5e7c1203cb588532a938632ad940a939dffcfc51df2c1d
  SHA512: fa62a38ab8186f9b2e6b421eed5a2287e809929cf3b08093461ba229fd571571b9c1e368e542a72258955fa2d3878771e1bf57da0d85e4724da4b2183b22bb1a
  SSDEEP: 3072:WTiZEtA4tO8U4Ibg2p9EIHs471zg8WErMamf7qKck5Pkj:Weso8UtigsINg8WKha8k58j
  Score: 1/10

  Target: skycheats/d32-fw.dll
  Size: 43KB
  MD5: 63df2c67027b0cd05e432548d3c1044d
  SHA1: f1fa3b5a06bbf6db2181b4d575c4050f6978603d
  SHA256: 0eafa4e65dd3d20d5fa73e09ae9ff4aba3cabf997b1092f10774dc6529498fc4
  SHA512: 55cd1ae1979a3928e166b14f51fac1b1d45a8b03df03cb7111c892596c4931adfe39202e6f29efbdbad1f94989347fee660eb60b2898e57740640e1922c6dec9
  SSDEEP: 768:MvD3wtiLQp4exDNSg1WX+SnhXRyQCVXt0oSFicOgg1:MkTz1WX+Sn2Q+90o8iUg
  Score: 1/10

  Target: skycheats/d3d10.dll
  Size: 1021KB
  MD5: b4eabbcfc6909a3b2d11f4f5d7dc639a
  SHA1: 2891784622fb8c85c3216fd11b33a4bf2aafbb2a
  SHA256: 9f33bc81f7c979c24977bfcedf7ec2ea69f36349da5cbbe19f97dbe4a80f8fbf
  SHA512: 8b9c80d41d812474a134e8b2eda00dd17025e234700fb05015b1eeff7a9eea252e10112ea4d17dff97dad2fe4630a474d144f24e77c41db16de5b3d3cf8054b0
  SSDEEP: 12288:FVCyj6R2f5hRH1MR5IMjhzXyVBHHxTogNvW648Rm2FP+Bh7G3r6cJaJbfLunld4f:FERM1MR5tEHO2e6JQ29/r3JawpZFXaR
  Score: 3/10

  Target: skycheats/skycheats.exe
  Size: 49.1MB
  MD5: 2df03054c8bd7495bbe7ac7cbcebcc8b
  SHA1: 7c102f0c132f1154b3f70d2e48c8dac36015efac
  SHA256: c89e7305f8d00bdf890c7b19765ade09e32cd2199c86cec972e7efc8f11e71a2
  SHA512: a3b289b094f90a8c1c233dc2158d922fab275dd4c870bbfdb35270cf0cdbc87b5c18c95c3d5f3d996bf298c02a36a40d3c92e970c9c041057bafa0ab691a4ae4
  SSDEEP: 393216:no9DF23QDxhtSme+7/pWYkRiu3HBHeZWdp9+5tHTy:o9o3QNjFe+7/pWyuxgOYz

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
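    The "UPX packed file" signature above is a static check that can be reproduced without the sandbox. The script below is an added example, not code from the report or from the sandbox vendor: a minimal PE section-table parser that flags the section names stock UPX writes (UPX0, UPX1, UPX2) and, for a "modified UPX" build that renames them, the layout UPX leaves behind, a section with no raw data (the unpack target) next to a high-entropy section (the compressed payload). The 7.0 bits-per-byte entropy threshold, the build_pe helper that constructs a throwaway PE for testing, and the pseudo_random filler are assumptions for illustration; point the script at the extracted skycheats.exe to run the check on the real file.

```python
"""Static UPX check: minimal PE section-table parser plus an entropy heuristic."""
import hashlib
import math
import struct
import sys

# Section names that stock UPX writes. A modified UPX build may rename them,
# which is why the layout/entropy heuristic below is applied as well.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
HIGH_ENTROPY_BITS = 7.0  # assumed threshold; compressed data sits near 8.0


def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant input, at most 8.0."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes) -> list:
    """Return (name, raw_bytes) per section. Parses only what the check needs:
    MZ magic, e_lfanew, PE signature, COFF header, and the section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + size_opt  # 4-byte signature + 20-byte COFF header
    sections = []
    for i in range(num_sections):
        hdr = data[table + 40 * i:table + 40 * (i + 1)]
        if len(hdr) < 40:
            raise ValueError("truncated section table")
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", hdr, 16)  # SizeOfRawData, PointerToRawData
        sections.append((name, data[raw_ptr:raw_ptr + raw_size]))
    return sections


def check_upx(data: bytes) -> dict:
    """Flag a PE as UPX-packed on stock section names, or on UPX's layout:
    a section with no raw data (the unpack target) beside a high-entropy one."""
    secs = pe_sections(data)
    upx = [n for n, _ in secs if n.upper() in UPX_SECTION_NAMES]
    hot = [n for n, raw in secs if raw and shannon_entropy(raw) >= HIGH_ENTROPY_BITS]
    empty = [n for n, raw in secs if not raw]
    return {
        "sections": [n for n, _ in secs],
        "upx_sections": upx,
        "high_entropy_sections": hot,
        "packed": bool(upx) or bool(hot and empty),
    }


def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler (a SHA-256 chain) standing in for
    compressed data in the constructed sample built by build_pe()."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


def build_pe(sections: list) -> bytes:
    """Constructed test input: a minimal PE32 carrying the given (name, raw)
    sections. Enough header for the parser above, not a loadable image."""
    size_opt = 0xE0
    table_off = 0x40 + 24 + size_opt
    raw_ptr = table_off + 40 * len(sections)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (size_opt - 2)
    table, blobs = b"", b""
    for i, (name, raw) in enumerate(sections):
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", len(raw) or 0x1000, 0x1000 * (i + 1), len(raw),
            raw_ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        blobs += raw
        raw_ptr += len(raw)
    return dos + coff + opt + table + blobs


if __name__ == "__main__":
    # Usage: python upx_check.py <file.exe>
    with open(sys.argv[1], "rb") as fh:
        print(check_upx(fh.read()))
```

    The name check alone is what most packer signatures key on; the layout heuristic is there because renaming sections is the first thing a "modified UPX" does, while the empty-section-plus-compressed-section shape is much harder to hide. Treat a hit as a prompt to unpack (upx -d succeeds on stock builds, fails on modified ones) rather than as a verdict, since legitimate software ships UPX-packed too.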

MITRE ATT&CK Enterprise v15

Tasks