General

  • Target

    skynet_0.4.vir

  • Size

    3.6MB

  • Sample

    200719-fwck6e28f2

  • MD5

    a6cb3103fac2e6ad873ce6774e4ebddb

  • SHA1

    37c20c2ed8556b27217264dbaa7aa5a96894ca23

  • SHA256

    5978884a07ea7559941ec2a1ce86e08e4be36a9aae9d535f58021602b24cdaba

  • SHA512

    ef3f3fc6bd9764d4573250a43d2482483c5f2ddf4ba45218b4a2bb60b8d3a7992a36d7a9009db5d4818bb7601ea666963a16dafa56a09a47997d58627bda4058

Score
8/10

Malware Config

Targets

    • Target

      skynet_0.4.vir

    • Size

      3.6MB

    • MD5

      a6cb3103fac2e6ad873ce6774e4ebddb

    • SHA1

      37c20c2ed8556b27217264dbaa7aa5a96894ca23

    • SHA256

      5978884a07ea7559941ec2a1ce86e08e4be36a9aae9d535f58021602b24cdaba

    • SHA512

      ef3f3fc6bd9764d4573250a43d2482483c5f2ddf4ba45218b4a2bb60b8d3a7992a36d7a9009db5d4818bb7601ea666963a16dafa56a09a47997d58627bda4058

    Score
    8/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

2
T1112

Tasks