General
- Target: slinkyloader.exe
- Size: 23.5MB
- Sample: 240628-sxsz1sycjq
- MD5: 3952c2a62291e9be0bddca7005249f8e
- SHA1: 6ad5547d0d3bef0628f802773c2247ddc102b404
- SHA256: 0f9e5066851afed854a8389ac95f6e33c4b3d515bdf9677733f8d93a648c7eeb
- SHA512: 6c1b36e5e02c39b6f46c2f9066df665ec28e025492a5a4eda8c7e1d9d72b0b854b6370912d273118ee03e74b7dc2f9690e81fe89e533ca21daa02be19af0661e
- SSDEEP: 393216:KgZEAbTV21OEi/UMnspnKCCGojD4Fu6eEqu6EWkzo11Hpxh60XPLv0d9Nh/FqyfY:nEGs1OEi/UMnspKXk8BEWL11JDjszb47
Behavioral task: behavioral1
- Sample: slinkyloader.exe
- Resource: win11-20240611-en
Malware Config
Targets
- Target: slinkyloader.exe
- Size: 23.5MB
- MD5: 3952c2a62291e9be0bddca7005249f8e
- SHA1: 6ad5547d0d3bef0628f802773c2247ddc102b404
- SHA256: 0f9e5066851afed854a8389ac95f6e33c4b3d515bdf9677733f8d93a648c7eeb
- SHA512: 6c1b36e5e02c39b6f46c2f9066df665ec28e025492a5a4eda8c7e1d9d72b0b854b6370912d273118ee03e74b7dc2f9690e81fe89e533ca21daa02be19af0661e
- SSDEEP: 393216:KgZEAbTV21OEi/UMnspnKCCGojD4Fu6eEqu6EWkzo11Hpxh60XPLv0d9Nh/FqyfY:nEGs1OEi/UMnspKXk8BEWL11JDjszb47
Signatures
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories