General
Target: slinkyloader.exe
Size: 20.9MB
Sample: 240427-tj7rpadd6t
MD5: 5bf94f8a94eb81dade9a820cf57fbd74
SHA1: fe154f424cd85f2f2b81320618bad90f90255080
SHA256: cc9816aeb1880b9032a50641ad31f2b549b155a6235515a11c4576760cd06f95
SHA512: 817aa213f8019bf1a7f5f5c5dea86f8f88ea3f09245709b09e3e9bc50f091d1100f38de4bfc4446858792e1ce52142ffb40a593ce3bed05ea095a284e1abdc94
SSDEEP: 49152:/LM0n/zHmy6WSHo/2yj3j7D8CiqEkYzmTTFV8NfuT2qykAu0pH8dK15t:/LM0OWjdjViqnH1V8sqtHCKj
Malware Config

Targets
Target: slinkyloader.exe
Size: 20.9MB
MD5: 5bf94f8a94eb81dade9a820cf57fbd74
SHA1: fe154f424cd85f2f2b81320618bad90f90255080
SHA256: cc9816aeb1880b9032a50641ad31f2b549b155a6235515a11c4576760cd06f95
SHA512: 817aa213f8019bf1a7f5f5c5dea86f8f88ea3f09245709b09e3e9bc50f091d1100f38de4bfc4446858792e1ce52142ffb40a593ce3bed05ea095a284e1abdc94
SSDEEP: 49152:/LM0n/zHmy6WSHo/2yj3j7D8CiqEkYzmTTFV8NfuT2qykAu0pH8dK15t:/LM0OWjdjViqnH1V8sqtHCKj

- SectopRAT payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger