Analysis
- max time kernel: 120s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 07/01/2024, 19:21
Behavioral tasks
- behavioral1: Sample K&S.rar, Resource win7-20231215-en
- behavioral2: Sample K&S.rar, Resource win10v2004-20231222-en
- behavioral3: Sample Karma.exe, Resource win7-20231215-en
- behavioral4: Sample Karma.exe, Resource win10v2004-20231215-en
- behavioral5: Sample alansito_file.pyc, Resource win7-20231129-en
- behavioral6: Sample alansito_file.pyc, Resource win10v2004-20231215-en
- behavioral7: Sample Slinky.exe, Resource win7-20231129-en
- behavioral8: Sample Slinky.exe, Resource win10v2004-20231215-en
- behavioral9: Sample alansito_file.pyc, Resource win7-20231215-en
- behavioral10: Sample alansito_file.pyc, Resource win10v2004-20231215-en
- behavioral11: Sample slinky_library.dll, Resource win7-20231215-en
- behavioral12: Sample slinky_library.dll, Resource win10v2004-20231215-en
- behavioral13: Sample slinkyhook.dll, Resource win7-20231215-en
- behavioral14: Sample slinkyhook.dll, Resource win10v2004-20231222-en
General
- Target: Slinky.exe
- Size: 82.7MB
- MD5: af32a4c8b24a795f4b383f142b9facad
- SHA1: 37c991eee4f3d39b08fa88a9b6c27b325651cd0e
- SHA256: b13e38c5c9739c7c0bd920be4f7ebc7d51ab5e6a7e71cefded92ffede85c6152
- SHA512: 80685fcf840527d52006f69d2f4ee840df56516220759d72ac71e82aa9c13874830f4bd34ee6566941b575cbc0c97a7688fc7236e2004b4eaef8fdfca7c525d6
- SSDEEP: 393216:0jAPfF3dNPVLCEDLQzH2ciIrHW4H//ozidkjR1ewaOR:gAjLCEDLQzkIL7/w6kfewaOR
Malware Config
Signatures
- Loads dropped DLL (1 IoCs)
  pid: 2444, Process: Slinky.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 2512 wrote to memory of 2444, pid: 2512, Process: Slinky.exe, procid_target: 29
  description: PID 2512 wrote to memory of 2444, pid: 2512, Process: Slinky.exe, procid_target: 29
  description: PID 2512 wrote to memory of 2444, pid: 2512, Process: Slinky.exe, procid_target: 29
Processes
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.4MB
  MD5: 17aa1a684434f5b5d2b90ce39f1b23be
  SHA1: da628bc84ae2f116f5c6fc0b26c0c6d4c6ea2e1b
  SHA256: f0a5549d0d9f1f6935d80ad53c02b5beed58aaad9a9bb7a94d1baf25ad9f7bb1
  SHA512: b51a5893564a2a94f4c74976a60d8187aabfe1d339707ba1f24b0c6594cef8cd79b9d4a4a2e8db5d0afcaeb2012ce1b59a81434050d49a10389cc9a43f23d526
- Filesize: 1.9MB
  MD5: 03a635cd436a20cf700cbc9177ac1a0c
  SHA1: 0d2d975de9c6493d2437ef7d41f1999b7a3fd0c4
  SHA256: 428b0c54adf1d550a0ed0054d6e5a51b3f055200cd09444137c7e8c482b5458d
  SHA512: 10cafaaee2d06de8803d4a2b20879957a5c0e0ed67cd4493cef88f184c08032753812b250cf186131ec39aa28ef562455e62cf3a73e9e90b7514354cba32eb8f