General

  • Target

    skin_changer.exe

  • Size

    80.7MB

  • Sample

    240815-yjs1razhqd

  • MD5

    c4b288f385a805993ea25e3b0bc9b4f8

  • SHA1

    83c57d8d210c8782bc13ee07bfa09a2dec8750a6

  • SHA256

    52c92275184daa9f8dc3a4363014e89cad297dd91ea965d4a35ab1129bd82b67

  • SHA512

    9b413350eef11d6c70094d5ff4f628f3e21b4ba4def7b388b580fc682993b0ed9deec7317171353244392b3e9377f5450fa8e877235dad534a438f7d4489aee0

  • SSDEEP

    1572864:NvxZQglXJdW97vaSk8IpG7V+VPhqb+TnE7Ulg8iYgj+h58sMw5Is9bKucJXt:NvxZxRLmeSkB05awb+Tfe25FD9bat

Malware Config

Targets

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar file browsers.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks