Overview
Score: 10/10

Static
static: 1/10

Scores by task
Slither x3...er.exe: windows7-x64 7/10, windows10-2004-x64 7/10
Slither x3...47.dll: windows7-x64 3/10, windows10-2004-x64 3/10
Slither x3...up.exe: windows7-x64 7/10, windows10-2004-x64 7/10
Slither x3...eg.dll: windows7-x64 3/10, windows10-2004-x64 3/10
Slither x3...GL.dll: windows7-x64 1/10, windows10-2004-x64 1/10
Slither x3...v2.dll: windows7-x64 1/10, windows10-2004-x64 1/10
Slither x3...lob.js: windows7-x64 1/10, windows10-2004-x64 1/10
Slither x3...de.dll: windows7-x64 1/10, windows10-2004-x64 10/10
Slither x3...nw.dll: windows7-x64 3/10, windows10-2004-x64 3/10
Slither x3...nw.exe: windows7-x64 7/10, windows10-2004-x64 7/10
Slither x3...ent.js: windows7-x64 1/10, windows10-2004-x64 1/10
Slither x3...ent.js: windows7-x64 1/10, windows10-2004-x64 1/10
Slither x3...lf.dll: windows7-x64 1/10, windows10-2004-x64 3/10
Slither x3...ces.js: windows7-x64 1/10, windows10-2004-x64 1/10

General
-
Target
slither.io.zip
-
Size
47.6MB
-
Sample
230203-yf4cbaec5w
-
MD5
f4548cb37ccb4ce25a843e19bd25c8c5
-
SHA1
c664b2fbfee3188bbdebac35e1b722a410880e0a
-
SHA256
3c90b3d32f3fe37632edfad2b768cf77d70e7de0d3291d0e5274ea8a7dc69141
-
SHA512
cabf2dd5ee5f3ee4b7cef7f7aacdff370466e27eaca6b174e216e9384998ecb81910e3ac9ee8a0de9d894d3d6fc62e18d06975b8b8c02297fad5cca9a92c3865
-
SSDEEP
786432:3aQ+oyKI4ji+/zd5Ke2QLpfWc7xy1tH4n0nhZoT1b+Fe69oAEpEXGlae7NEBSZ/l:R+wkILlZxyk0noTR+FekoHvaef/+XGZz
Static task
static1

Behavioral tasks (task: sample, resource)
behavioral1: Slither x32y 64/Slither.exe, win7-20220812-en
behavioral2: Slither x32y 64/Slither.exe, win10v2004-20221111-en
behavioral3: Slither x32y 64/d3dcompiler_47.dll, win7-20220812-en
behavioral4: Slither x32y 64/d3dcompiler_47.dll, win10v2004-20221111-en
behavioral5: Slither x32y 64/dxwebsetup.exe, win7-20221111-en
behavioral6: Slither x32y 64/dxwebsetup.exe, win10v2004-20220812-en
behavioral7: Slither x32y 64/ffmpeg.dll, win7-20220901-en
behavioral8: Slither x32y 64/ffmpeg.dll, win10v2004-20220812-en
behavioral9: Slither x32y 64/libEGL.dll, win7-20221111-en
behavioral10: Slither x32y 64/libEGL.dll, win10v2004-20220812-en
behavioral11: Slither x32y 64/libGLESv2.dll, win7-20221111-en
behavioral12: Slither x32y 64/libGLESv2.dll, win10v2004-20221111-en
behavioral13: Slither x32y 64/natives_blob.js, win7-20220812-en
behavioral14: Slither x32y 64/natives_blob.js, win10v2004-20220901-en
behavioral15: Slither x32y 64/node.dll, win7-20220812-en
behavioral16: Slither x32y 64/node.dll, win10v2004-20221111-en
behavioral17: Slither x32y 64/nw.dll, win7-20220812-en
behavioral18: Slither x32y 64/nw.dll, win10v2004-20221111-en
behavioral19: Slither x32y 64/nw.exe, win7-20221111-en
behavioral20: Slither x32y 64/nw.exe, win10v2004-20220812-en
behavioral21: Slither x32y 64/nw_100_percent.js, win7-20220901-en
behavioral22: Slither x32y 64/nw_100_percent.js, win10v2004-20221111-en
behavioral23: Slither x32y 64/nw_200_percent.js, win7-20221111-en
behavioral24: Slither x32y 64/nw_200_percent.js, win10v2004-20220812-en
behavioral25: Slither x32y 64/nw_elf.dll, win7-20220812-en
behavioral26: Slither x32y 64/nw_elf.dll, win10v2004-20221111-en
behavioral27: Slither x32y 64/resources.js, win7-20220901-en
behavioral28: Slither x32y 64/resources.js, win10v2004-20220812-en

Malware Config
Targets
-
-
Target
Slither x32y 64/Slither.exe
-
Size
1.1MB
-
MD5
8b6e003d671e43521c29e447c3c7e270
-
SHA1
b6019a010a50bca81b8d3baeb5516fde6397f44d
-
SHA256
0930fd18d2ab158561841531784ae14f7681020e01320239ef0603bab1db4b30
-
SHA512
26cad28f330201fe6471d2016f8aab66e7e18acf423b1c616fa1be5db8cf6c198d63db4b9584c3f6051fcd59b29b97e63ab37e6ddd548933ad174b2bfa2cc613
-
SSDEEP
24576:RhbjXbCjgIv4An+9LPiG0WBliA/DKZvCbD1gG5:fbXCj6AWPiY2A/DKZabRj5
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
Slither x32y 64/d3dcompiler_47.dll
-
Size
3.5MB
-
MD5
02e034cd47aa9a633f6aaef348dbbba0
-
SHA1
424682cf2f3878c0195f0f4cd250856a0ef871b8
-
SHA256
ff86503cdb204570491a81bd45fd9812652ba20a1bbbaf2533b7203fc4469854
-
SHA512
0ffb5efaef0780be68633957a40e27c76625a6558a14d0671c85ac3cf8810f3c1e79f3281084dc05034b69447e999c420c1d248503001454c62d0eff320fd6e1
-
SSDEEP
49152:DXxztRVg63VCssRWQnP73DPFeYjLpZyLpsRug4TJz07+GN:DBzrVgoVCbLxTpkpsRugYiN
Score 3/10
-
-
Target
Slither x32y 64/dxwebsetup.exe
-
Size
292KB
-
MD5
880a353dc9ab4202f2cfbec1cb37181d
-
SHA1
0bafee10ed68194fb332d3b46f7d92c8ad962843
-
SHA256
6b5c9cec68c7f3c0ba98b8d0b335f1be8ea4cd37fb02b4c81ecc1a95ef6d9578
-
SHA512
795db9946ac4bac6af4afcbd2e87671b45c488ea32d61daa821012f0213bde76af1d7ae395b9adfdc0fed5fd80367e232a6bc1d834e7dc9028b885fa908149d8
-
SSDEEP
6144:OWK8faaQMbjFtVNtHb7RGb/Mp7mgypysDVpU2drVxP:LaaQMXDFFfp7S5DbU2RP
Score 7/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
-
-
Target
Slither x32y 64/ffmpeg.dll
-
Size
1003KB
-
MD5
843d0b77ad0f97abdbf1c35f80ddf817
-
SHA1
fa26030bd8f6d6a1da7e45c996eb2546580d7d4a
-
SHA256
69db97f02c0ec74d90c9271c606e0de27c5c64e364c5d016fba1bd5dfc8a7236
-
SHA512
783080f7f4bd642c2c053b3e1eca1870dc46a4e3742b9ef24de12d128ec34680749719dec33353f964cd79e6c0fd750a6471722b1a3c9afe89663788d002388b
-
SSDEEP
12288:uP1N1ouo5xthlk6nLXRnqm12d/eO7PB7vApFU3utrM0f4+ZqsaEeY0:jxjlPp1ySFxVf4+n+
Score 3/10
-
-
Target
Slither x32y 64/libEGL.dll
-
Size
74KB
-
MD5
ab83335258d3197288cbbebbf82f427d
-
SHA1
d31de342b98f4fa2f572934094063d553fc87caf
-
SHA256
96be29f99578c53633fefdbb87c77390c6c99e5a9276f1a39680cf87a76f76bb
-
SHA512
95fd2641c1311efd2d08b9ebbeae8f99c92fc81ad3eae37391134a03b71674f3eb7fab7fa73976f607a2f05c5716620c4657f033887f0b8b6e4630d3c9bfd1e1
-
SSDEEP
1536:32X7sLvVAe7ii4LtFfgwWJFc8msWjcdc3pyK2/:3Y7wvViLZ0J4yK
Score 1/10
-
-
Target
Slither x32y 64/libGLESv2.dll
-
Size
2.0MB
-
MD5
30ce10fdfee479f7fc6398367cff8f88
-
SHA1
1bfcb9dd6669ea4a6ca573a361ee5832fddfbd68
-
SHA256
e8213604f0543f0fe6e4960a8e17f0ac82a4babcd8ca3e9d0bf43425399caba4
-
SHA512
c38710eab8d1a124b93955c56d128a8bc46ebf9894973979687dae78f52c80cc57c0d26c57123b681aaa52c2af684ea604b79239eb81e1717e569ea61ae61d69
-
SSDEEP
49152:7JnmUESzXI/EETayvIi6UX5mgLZcYUMvbZL:pmyoAywjsMW5v
Score 1/10
-
-
Target
Slither x32y 64/natives_blob.bin
-
Size
402KB
-
MD5
8f4d6515f4d321313a39a659c3c5ff01
-
SHA1
f4c95f1abd24c715a3dd4b3e4c9cff5decda7250
-
SHA256
7d9c0c4d88618bdd16bb0681fdec1dd736e2ed1141ae527a27b22fb93f27848f
-
SHA512
3c00eb9a8ca8d076140df0071cfa702e1c032edbc20481bb7f7b7a88c1a82c959b8ac901182c2f9d235f55b4528c8e12b1e765119f1e784645c61f66c1c2b007
-
SSDEEP
12288:ln3Cj7CQaMiyMzQ77Ua7Zm6ap4avfyM3G:lnk7CQWfy9
Score 1/10
-
-
Target
Slither x32y 64/node.dll
-
Size
3.0MB
-
MD5
d3a05d58135ff127809aef74ba5f450d
-
SHA1
af13b12297df1f677113fa4dc5484bcc03cd544c
-
SHA256
667ca7ba7937159e384902d0beb91e6de0c6d422cd5bf30c0a376af8c31c804b
-
SHA512
10536abd9aaacb3189e7288782d25f28b49d5ae8a42a5795780fef3c50bba6e093647a18def0eefdb8f7527f0c97dd80392b9d4b2865db652761e8eeba96fcb8
-
SSDEEP
49152:TQ5eHjb4RG33EVvcT/ETwF49sKneit6QsxsKBGgyqUyLbMDd4qaP1TXtcZ:TfnEUF49sKnea6S
Score 10/10
-
Modifies system executable filetype association
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
Slither x32y 64/nw.dll
-
Size
68.0MB
-
MD5
4095865a5658450bb415dcbe4d854580
-
SHA1
6ffba25849a6a6c0df63f89653a4d79c3c553815
-
SHA256
a43a6dbebbea327dd5a64f051ce27b4e24cf66c7213a1de7f3a357e380c68f45
-
SHA512
60b2e139469e534c886b133a6fa1ad5280d29e7ffc070f169971b9619536c18da41e4bb9c048a83dd39aa421590745a909f7717c4847120be460e672a32e2183
-
SSDEEP
1572864:RuCwol9s/loA881aY2p6ab63gs9rHEfSoMmZMzbe75lgCSBbe8fAUTJ:RuKOhkk97EZMmZMzbe7ECk
Score 3/10
-
-
Target
Slither x32y 64/nw.exe
-
Size
1.2MB
-
MD5
1e0a6531ac049218b21117bae9f1c97c
-
SHA1
d84a9b8027b137798763a2719b10511200c803ed
-
SHA256
6ce31b657cd28cdd5bf665cf7dd45ccf235a8031d16134ec868f84875f9ef553
-
SHA512
e9f0d55b66e6f4bef41252e4853610d95c22c05868f8de86da9545b19020123934f606cf5000634333b505325b3a930e820bc631140c3d189f21b2b861818a65
-
SSDEEP
24576:QhbjXbCjgIv4An+9LPiG0WBliA/DlrmqyDjG5:2bXCj6AWPiY2A/DsO5
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
Slither x32y 64/nw_100_percent.pak
-
Size
782KB
-
MD5
9e31a627ebb5e8a4068d85dc246e085e
-
SHA1
2530ab0404910db50ae3039daef26b968d8d8a23
-
SHA256
11cc80f8957b8340e97f4139f12795d1d6188cd491c7a1d55fba5cb65356cf96
-
SHA512
4be8baf4bbf83a0cbe0982e30d4940e3a9205796c11c0f43bfd3c6eb5b50fd46b3b98b9f618356b676399164b36a7e3774aa6f8519be524d6ad3da85e5ead35e
-
SSDEEP
12288:ddBjAyF9ArrEzUJsdLGto0EHxg9PUzUhgL:nBjFF9ASUJ4StGePUzU6L
Score 1/10
-
-
Target
Slither x32y 64/nw_200_percent.pak
-
Size
1.1MB
-
MD5
a2720e9aa2049547154cabb667db0b60
-
SHA1
5a0f7adf1eea4bcb0760d399b3ef93540974ea57
-
SHA256
f90e07e3a836ff19287897bb8cfa50d748936946b69b43353268d8186297b6ec
-
SHA512
55c00a96a15676cc54a5e87e5ece109a0579ad93127fbda88d6d6bcdee1d140011f7f11344fa66049d9ec4825e0094f55c778ec918e8e98dd7b6fd8fa13db1b8
-
SSDEEP
24576:+qBjFF9A/Dm9LrY4RcLlRglyv9dQ7gRIVDEl4nbaM:xBP9A/69f/RwlR5agRUaY
Score 1/10
-
-
Target
Slither x32y 64/nw_elf.dll
-
Size
114KB
-
MD5
9c18fed3911b120bc6cf07b698ac88fb
-
SHA1
4a836b85d3105a47aa5bdbe0de0d4732cbd0b774
-
SHA256
85d78b7f5ffb9d528c361824e2f25fa8e55ee8fbf2bf64140d925d91239fe109
-
SHA512
5eee334a58cccbb652da9f2459d0e7bc5703b8f9568d0c9a216f78fa86b2908e614ead82eb2b7cde179ca57a60f687624e47293660115079fdc89efbe978e5f4
-
SSDEEP
3072:RFujVYV9TDv7zdB6ENLkS7+183ijVoSHi:HujKbTDv1hNLkS7v6F
Score 3/10
-
-
Target
Slither x32y 64/resources.pak
-
Size
17.7MB
-
MD5
2b3514b3142fb3202bee4fa2b1b38d38
-
SHA1
7c6998408505dbbe2f1a7aae7de24c0a6fc94aea
-
SHA256
55f47e144b5285182fddb8dbb3234f8ad65c38e561ac03c8e9b6463be0f1190b
-
SHA512
94a242bfa1ccc669efd5d280488e1103a1eb75cebe4ade213f88264ff75334b8211007092958be8e208006483575d0d4ee0c966870e6cddf7dff30e41ab192df
-
SSDEEP
98304:ieuKZULT6j1hb9z1N9hMiJzBWQiNuFxGGG2pLTuC:ieuKZN5hJxhrZL
Score 1/10