A step-by-step analysis of the new malware used by APT28/Sofacy called SkinnyBoy

Summary: The malware collects configuration information about the machine it infects using the systeminfo command, then retrieves the list of running processes by spawning a tasklist process. The content of the following directories, together with the output of those two commands, is base64-encoded and exfiltrated to the C2 server updaterweb[.]com: Desktop folder, C:\Program Files, C:\Program Files […]
