General

  • Target

    Slink.exe

  • Size

    70.9MB

  • Sample

    231217-vgd72afadr

  • MD5

    6d4020edb92b17f128d5907fa9e9e12c

  • SHA1

    7f597626b1b27cb7ad4f7f88369da4ec8d53c8f6

  • SHA256

    9a6a5da1e9c584e2a31c61651732283cefcf8a67f7de9da56950367a43a8a91c

  • SHA512

    2b03a732212b7c209bcf7502cdae675968e3c9bef1fbc4d1f62cf1f813f71b8a0d5b172e68603f83f1bff44a614ca28589da05025ed107043595e470877bddfb

  • SSDEEP

    1572864:74/4rzOchP3m94oOdBP3blepILhjdjb9KYOprfnXQXTKeNivFCkD2N7:kkqcdn3/wOBbUYOprPXQuZtCMQ7

Targets

    • Irata

      Irata is an Iranian Android remote access trojan (RAT) first seen in August 2022.

    • Irata payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15