General

Target: skeet.exe
Size: 7.7MB
Sample: 240706-rhbazsseqa
MD5: 09acf9fd277ddfa74441e03e40d7d1cf
SHA1: d730168ae5ae8b8350e0b13b131a8efc1faea782
SHA256: ece75ede2d7c8d37b4a14345e6a8dd303adc4e9457330e1be269e12f3e224be6
SHA512: 13956a912884bfc0c9648cd18d0c29ca1dc7dbfff300900d76f694916c58a8732d18bd0e05a7452b29559033a36488a221bbcbb2c16d6e16d509ebc91674d249
SSDEEP: 196608:gz01qeNTfm/pf+xk4dNSESRatrbWOjgK4:Dy/pWu4m5RatrbvMK4
Behavioral tasks

behavioral1: skeet.exe, run on win7-20240704-en
behavioral2: skeet.exe, run on win10v2004-20240704-en
behavioral3: �����H�.pyc, run on win7-20240705-en
behavioral4: �����H�.pyc, run on win10v2004-20240704-en
Malware Config

Targets

Target: skeet.exe
Size: 7.7MB
Hashes: identical to the General section above (MD5 09acf9fd277ddfa74441e03e40d7d1cf, SHA256 ece75ede2d7c8d37b4a14345e6a8dd303adc4e9457330e1be269e12f3e224be6).
Signatures:
- Command and Scripting Interpreter: PowerShell (ATT&CK T1059.001). Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes so that files it drops later are not scanned (Impair Defenses, T1562.001).
- Drops file in Drivers directory: writes a file into the Windows drivers directory.
- Executes dropped EXE: launches an executable it wrote to disk.
- Loads dropped DLL: loads a DLL it wrote to disk.
- Accesses cryptocurrency files/wallets, possible credential harvesting: reads files belonging to cryptocurrency wallet software, consistent with wallet or credential theft.
- Legitimate hosting services abused for malware hosting/C2: contacts a legitimate hosting service, a common way to serve payloads or command-and-control traffic from a reputable domain.
- Looks up external IP address via web service: queries a legitimate IP lookup service to learn the infected system's public IP address.
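The two PowerShell-related signatures above (Defender exclusion tampering and the external IP lookup) are the ones most worth turning into a host-side check. The following Python is an added example, not part of the sandbox report or of the sample: the process-creation and DNS events it runs over are constructed to mimic what the report describes (no command line from the actual run is quoted on the page), the event field names are an assumption, and the list of IP lookup hosts is an assumed set of well-known services, not something the report states. It also decodes `-EncodedCommand` payloads, since the same cmdlet is frequently hidden that way.

```python
import base64
import re

# Defender cmdlets that change exclusion lists, and the parameters that do it.
MP_CMDLET = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
EXCLUSION_PARAM = re.compile(r"-Exclusion(?:Path|Extension|Process|IpAddress)\b", re.IGNORECASE)
# powershell.exe accepts any unambiguous prefix of -EncodedCommand; common spellings listed.
ENCODED_FLAG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)

# Public "what is my IP" endpoints (assumed list, not taken from the report).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "ip-api.com", "icanhazip.com",
    "checkip.amazonaws.com", "ifconfig.me",
}


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or '' if absent or malformed.
    powershell.exe expects base64 over UTF-16LE text."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""


def defender_exclusions(cmdline):
    """Exclusion parameters passed to Add-/Set-MpPreference, including inside an
    encoded command. Returns a sorted, lower-cased list; empty means no tampering."""
    text = cmdline + " " + decode_encoded_command(cmdline)
    if not MP_CMDLET.search(text):
        return []
    return sorted({p.lower() for p in EXCLUSION_PARAM.findall(text)})


def is_ip_lookup(host):
    """True if the DNS query name is a known external-IP lookup service."""
    return host.lower().rstrip(".") in IP_LOOKUP_HOSTS


def triage(events):
    """Run both checks over event dicts and return (rule, detail) findings.
    Event shape is an assumption: process events carry 'parent' and 'cmdline',
    DNS events carry 'image' and 'query'."""
    findings = []
    for ev in events:
        if ev["type"] == "process":
            params = defender_exclusions(ev["cmdline"])
            if params:
                findings.append(("defender_exclusion_tamper",
                                 f"{ev['parent']} spawned PowerShell setting {', '.join(params)}"))
        elif ev["type"] == "dns" and is_ip_lookup(ev["query"]):
            findings.append(("external_ip_lookup", f"{ev['image']} resolved {ev['query']}"))
    return findings


# Constructed sample events modelled on the report's signatures (not real telemetry).
_ENCODED = base64.b64encode(
    "Set-MpPreference -ExclusionPath C:\\Temp".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"type": "process", "parent": "skeet.exe",
     "cmdline": "powershell -NoP -W Hidden -Command \"Add-MpPreference "
                "-ExclusionPath 'C:\\Users\\Public' -ExclusionExtension '.exe' "
                "-ExclusionProcess 'skeet.exe'\""},
    {"type": "process", "parent": "skeet.exe",
     "cmdline": f"powershell -NoP -W Hidden -enc {_ENCODED}"},
    {"type": "process", "parent": "explorer.exe",
     "cmdline": "powershell -Command Get-MpPreference"},   # benign: read-only
    {"type": "dns", "image": "skeet.exe", "query": "api.ipify.org"},
    {"type": "dns", "image": "svchost.exe", "query": "www.microsoft.com"},
]

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_EVENTS):
        print(f"{rule}: {detail}")
```

The check keys on the cmdlet plus an `-Exclusion*` parameter rather than on `powershell.exe` alone, so a read-only `Get-MpPreference` does not fire; on a real host the same logic applies to Sysmon event 1 / Security 4688 command lines and to Sysmon event 22 DNS queries.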
Target: �����H�.pyc (name as reported; the leading bytes of the filename are non-printable)
Size: 1KB
MD5: be4d47fed5755f7b893a13a7230dd2fa
SHA1: 5d780bb0b88495d7cc5f574d88f71e14b0ac3f71
SHA256: 63aa685e36a3ef7d0a89d916aba88c4ca0485f2e6eaa164e9a3889da2930a80b
SHA512: f1e893b715d9048b66633430170eded7484131dcc92824598af6943b2ab10f4c7642b2fa18247d76365a45efdaf3cc2fda9fa18e3926f01711ff8390e3feac9b
Score: 1/10