General
-
Target
skynet_0.4.vir
-
Size
3.6MB
-
Sample
200719-fwck6e28f2
-
MD5
a6cb3103fac2e6ad873ce6774e4ebddb
-
SHA1
37c20c2ed8556b27217264dbaa7aa5a96894ca23
-
SHA256
5978884a07ea7559941ec2a1ce86e08e4be36a9aae9d535f58021602b24cdaba
-
SHA512
ef3f3fc6bd9764d4573250a43d2482483c5f2ddf4ba45218b4a2bb60b8d3a7992a36d7a9009db5d4818bb7601ea666963a16dafa56a09a47997d58627bda4058
Static task
static1
Behavioral task
behavioral1
Sample
skynet_0.4.vir.exe
Resource
win7
Behavioral task
behavioral2
Sample
skynet_0.4.vir.exe
Resource
win10v200430
Malware Config
Targets
-
Target
skynet_0.4.vir
-
Score
8/10
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-