General
-
Target
Slink.exe
-
Size
70.9MB
-
Sample
231217-vgd72afadr
-
MD5
6d4020edb92b17f128d5907fa9e9e12c
-
SHA1
7f597626b1b27cb7ad4f7f88369da4ec8d53c8f6
-
SHA256
9a6a5da1e9c584e2a31c61651732283cefcf8a67f7de9da56950367a43a8a91c
-
SHA512
2b03a732212b7c209bcf7502cdae675968e3c9bef1fbc4d1f62cf1f813f71b8a0d5b172e68603f83f1bff44a614ca28589da05025ed107043595e470877bddfb
-
SSDEEP
1572864:74/4rzOchP3m94oOdBP3blepILhjdjb9KYOprfnXQXTKeNivFCkD2N7:kkqcdn3/wOBbUYOprPXQuZtCMQ7
Static task
static1
Behavioral task
behavioral1
Sample
Slink.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
Slink.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
Slink.exe
-
Size
70.9MB
-
MD5
6d4020edb92b17f128d5907fa9e9e12c
-
SHA1
7f597626b1b27cb7ad4f7f88369da4ec8d53c8f6
-
SHA256
9a6a5da1e9c584e2a31c61651732283cefcf8a67f7de9da56950367a43a8a91c
-
SHA512
2b03a732212b7c209bcf7502cdae675968e3c9bef1fbc4d1f62cf1f813f71b8a0d5b172e68603f83f1bff44a614ca28589da05025ed107043595e470877bddfb
-
SSDEEP
1572864:74/4rzOchP3m94oOdBP3blepILhjdjb9KYOprfnXQXTKeNivFCkD2N7:kkqcdn3/wOBbUYOprPXQuZtCMQ7
Score10/10-
Irata
Irata is an Iranian remote access trojan Android malware first seen in August 2022.
-
Irata payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-