General

  • Target

    slinkyloader.exe

  • Size

    17.5MB

  • Sample

    240427-xwla1aee73

  • MD5

    0e2e98f4e97316c7d6613bb10149fcf1

  • SHA1

    dffa4e7ec86befeec114f7a7e5ceaf752e7b84f4

  • SHA256

    bb250b5edfed1c3d0a8bac249f57ec5971b34d8435b7657bf3e57a73556ecfdd

  • SHA512

    a232ee6ae96cf87fdc2633639474b27ac08bb691fbe690da151a761a167fffa555fd3da0a5ce7ca0b66097c5fb476890b754a8cf9527c5d8328b1550f71991a1

  • SSDEEP

    393216:1+c50Fa7K39n0LHOz3tcA/YFspJfUXvakYHQFSdbhALSVQtikwtW3Jigc:xot3uLuz3tM6rfUXCkYgU/VQti/W35

Malware Config

  • Extracted family

    redline

  • Botnet

    Fake Slinky

  • C2

    ii-restored.gl.at.ply.gg:43416

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
