General

  • Target

    slinkyloader.exe

  • Size

    20.9MB

  • Sample

    240427-tj7rpadd6t

  • MD5

    5bf94f8a94eb81dade9a820cf57fbd74

  • SHA1

    fe154f424cd85f2f2b81320618bad90f90255080

  • SHA256

    cc9816aeb1880b9032a50641ad31f2b549b155a6235515a11c4576760cd06f95

  • SHA512

    817aa213f8019bf1a7f5f5c5dea86f8f88ea3f09245709b09e3e9bc50f091d1100f38de4bfc4446858792e1ce52142ffb40a593ce3bed05ea095a284e1abdc94

  • SSDEEP

    49152:/LM0n/zHmy6WSHo/2yj3j7D8CiqEkYzmTTFV8NfuT2qykAu0pH8dK15t:/LM0OWjdjViqnH1V8sqtHCKj

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
