885aba75eddb447464874fbeeeb0c456b218ab3fceef279697b32e07372c2a75 | Triage

Sharing

General

Target

SkinChanger.zip
Size

84.9MB
Sample

240908-ll5fca1cjf
MD5

d563c3e8019bec6ed4494d40eadf82b7
SHA1

8d75830e1995a47c559f145b658df412040072af
SHA256

885aba75eddb447464874fbeeeb0c456b218ab3fceef279697b32e07372c2a75
SHA512

cd7953e880b30436c9517fc3025dc18ec3f47ffa2e499628f24be295382bad68064275381db3afc56e3adabfea68bda0c96a15baffeffdab5f1aabb4a8ec6558
SSDEEP

1572864:uWwXEs8Wu7oYvzSKqPN1umchMdU3Tj2gPfoXTGdfSgDgMZcCt5HB7dsf3:xs9u7oszS7Vq9332nadqgDgMZcCt5Hh2

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  SkinChanger.exe
- Size
  
  86.8MB
- MD5
  
  2f7f672c15bd26e2c73831848cc6436f
- SHA1
  
  d57fe68cfad3eae75095dab49d019886dd954e2a
- SHA256
  
  ec4d84990bb0d163d45ee842a7cbed806ea7b67552895a25a62d614cabfdda72
- SHA512
  
  f8ce0889774e8ac02c4003f1f75748f1d143f0a3c07ff73ccd96bf2bd00f61b03d705090b8e4c21198a8aa1a1c3095a16b173edb081ce4697f975bc361e3c0b7
- SSDEEP
  
  1572864:on0YI2VqaYBiMFacAtjsmjLASovu3NI/q17EATkPZOQNe6xiQyB+w75m:v92kaYBlFaz1w7G3O/pPPAQNe6xiQyho
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence