General

  • Target

    slinkyloader.exe

  • Size

    23.5MB

  • Sample

    240628-syqw2syckq

  • MD5

    3952c2a62291e9be0bddca7005249f8e

  • SHA1

    6ad5547d0d3bef0628f802773c2247ddc102b404

  • SHA256

    0f9e5066851afed854a8389ac95f6e33c4b3d515bdf9677733f8d93a648c7eeb

  • SHA512

    6c1b36e5e02c39b6f46c2f9066df665ec28e025492a5a4eda8c7e1d9d72b0b854b6370912d273118ee03e74b7dc2f9690e81fe89e533ca21daa02be19af0661e

  • SSDEEP

    393216:KgZEAbTV21OEi/UMnspnKCCGojD4Fu6eEqu6EWkzo11Hpxh60XPLv0d9Nh/FqyfY:nEGs1OEi/UMnspKXk8BEWL11JDjszb47
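Before acting on this report, confirm that the file you hold is the same object the hashes above describe, and check the packer claim made further down the page. The script below is an added example, not part of the report or of the sandbox's own tooling: it hashes a file with the same four algorithms listed above, compares the digests with the reported values, and parses the PE section table (no third-party library) to look for the UPX0/UPX1 section names and the "UPX!" marker that stock UPX leaves behind. The hash values come from the page; the minimal PE skeleton built by build_fake_pe() is constructed here purely so the parser can be exercised offline.

```python
import hashlib
import io
import struct

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests published in the report for slinkyloader.exe.
REPORTED = {
    "md5": "3952c2a62291e9be0bddca7005249f8e",
    "sha1": "6ad5547d0d3bef0628f802773c2247ddc102b404",
    "sha256": "0f9e5066851afed854a8389ac95f6e33c4b3d515bdf9677733f8d93a648c7eeb",
    "sha512": "6c1b36e5e02c39b6f46c2f9066df665ec28e025492a5a4eda8c7e1d9d72b0b854b6370912d273118ee03e74b7dc2f9690e81fe89e533ca21daa02be19af0661e",
}


def hash_stream(stream, algorithms=ALGORITHMS):
    """Hash a binary stream once, in 1 MiB chunks, with every requested algorithm."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(1 << 20), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path, algorithms=ALGORITHMS):
    with open(path, "rb") as f:
        return hash_stream(f, algorithms)


def hash_bytes(data, algorithms=ALGORITHMS):
    return hash_stream(io.BytesIO(data), algorithms)


def matches_report(digests, reported=REPORTED):
    """Per-algorithm True/False: does the computed digest equal the one in the report?"""
    return {name: digests.get(name, "").lower() == value.lower() for name, value in reported.items()}


def pe_section_names(data):
    """Return the section names of a PE image, or [] if the bytes are not a parseable PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER starts after the signature
    if coff + 20 > len(data):
        return []
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # section headers follow the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                 # IMAGE_SECTION_HEADER is 40 bytes, name is the first 8
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return names


def looks_upx_packed(data):
    """Heuristic: stock UPX names its sections UPX0/UPX1 and writes a 'UPX!' magic into the header area.
    Modified UPX builds often rename the sections and patch the magic, so False is not proof of 'unpacked'."""
    names = pe_section_names(data)
    return any(n.upper().startswith("UPX") for n in names) or b"UPX!" in data


def build_fake_pe(section_names, trailer=b""):
    """Constructed test input: a header-only PE32 skeleton (not executable) with the given section names."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0  # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + optional + sections + trailer


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        digests = hash_file(path)
        print(path, matches_report(digests))
        with open(path, "rb") as f:
            print("sections:", pe_section_names(f.read()), "upx:", looks_upx_packed(f.read()))
```

Run it as `python check_sample.py slinkyloader.exe` inside the analysis VM; a 23.5MB file hashes in one pass. Treat the UPX result as a hint only: the report itself says "UPX/modified UPX", and a modified build that strips both the section names and the magic will pass this check while still being packed.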

Malware Config

Targets

    • Target

      slinkyloader.exe

    • Size

      23.5MB

    • MD5

      3952c2a62291e9be0bddca7005249f8e

    • SHA1

      6ad5547d0d3bef0628f802773c2247ddc102b404

    • SHA256

      0f9e5066851afed854a8389ac95f6e33c4b3d515bdf9677733f8d93a648c7eeb

    • SHA512

      6c1b36e5e02c39b6f46c2f9066df665ec28e025492a5a4eda8c7e1d9d72b0b854b6370912d273118ee03e74b7dc2f9690e81fe89e533ca21daa02be19af0661e

    • SSDEEP

      393216:KgZEAbTV21OEi/UMnspnKCCGojD4Fu6eEqu6EWkzo11Hpxh60XPLv0d9Nh/FqyfY:nEGs1OEi/UMnspKXk8BEWL11JDjszb47

    • Command and Scripting Interpreter: PowerShell

      Spawns powershell.exe to run commands.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest the data browsers store in the user profile, such as saved credentials.

    • UPX packed file

      The executable is packed with UPX or with a modified build of the open-source UPX packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Queries a legitimate IP lookup web service to learn the infected system's external IP address.

    • Hide Artifacts: Hidden Files and Directories
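The tags above are the sandbox's behavioural verdicts; to reproduce them against your own telemetry you need rules that turn raw process, file, image-load and DNS events into those same labels. The following is an added example written for this page, not the sandbox's detection code: it walks a list of events in the order they occurred, keeps state for what the sample's process tree has written so that "Executes dropped EXE" and "Loads dropped DLL" only fire on files the sample itself dropped, ignores events from processes outside that tree, and maps the rest to the report's tag names. The event schema, the indicator lists (IP lookup hosts, abused hosting domains, browser and wallet file names) and the events themselves are constructed for the example; substitute your own EDR field names and indicator sets.

```python
import re
from collections import defaultdict

# Indicator lists used by this example (assumptions, not taken from the report).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ip-api.com", "icanhazip.com", "checkip.amazonaws.com"}
ABUSED_HOSTING = {"cdn.discordapp.com", "raw.githubusercontent.com", "pastebin.com", "api.telegram.org"}
BROWSER_DATA = re.compile(r"\\(Login Data|Web Data|Cookies|logins\.json|key4\.db|places\.sqlite)$", re.I)
WALLET_DATA = re.compile(r"\\(wallet\.dat|Exodus|Electrum|Ethereum)(\\|$)", re.I)
DRIVERS_DIR = re.compile(r"^[a-z]:\\windows\\system32\\drivers\\", re.I)
ATTRIB_HIDE = re.compile(r"\battrib(\.exe)?\b.*\+h")


def classify_events(events, sample_image):
    """Map ordered sandbox/EDR-style events to the report's behaviour tags.

    Returns {tag: [indices of the events that triggered it]}.  Only events whose
    acting process is the sample or one of its descendants are considered.
    """
    hits = defaultdict(list)
    lineage = {sample_image.lower()}   # images belonging to the sample's process tree
    dropped = set()                    # paths the process tree has written so far
    for i, ev in enumerate(events):
        if ev.get("image", "").lower() not in lineage:
            continue                   # unrelated process: not attributable to the sample
        kind = ev["type"]
        if kind == "file_write":
            path = ev["path"].lower()
            dropped.add(path)
            if DRIVERS_DIR.match(path):
                hits["Drops file in Drivers directory"].append(i)
        elif kind == "process":
            child = ev["child_image"].lower()
            lineage.add(child)
            if child.endswith("\\powershell.exe"):
                hits["Command and Scripting Interpreter: PowerShell"].append(i)
            if child.endswith(".exe") and child in dropped:
                hits["Executes dropped EXE"].append(i)
            if ATTRIB_HIDE.search(ev.get("cmdline", "").lower()):
                hits["Hide Artifacts: Hidden Files and Directories"].append(i)
        elif kind == "image_load":
            path = ev["path"].lower()
            if path.endswith(".dll") and path in dropped:
                hits["Loads dropped DLL"].append(i)
        elif kind == "file_read":
            if BROWSER_DATA.search(ev["path"]):
                hits["Reads user/profile data of web browsers"].append(i)
            if WALLET_DATA.search(ev["path"]):
                hits["Accesses cryptocurrency files/wallets"].append(i)
        elif kind == "dns":
            host = ev["host"].lower()
            if host in IP_LOOKUP_HOSTS:
                hits["Looks up external IP address via web service"].append(i)
            if host in ABUSED_HOSTING:
                hits["Legitimate hosting services abused for malware hosting/C2"].append(i)
    return dict(hits)


# Constructed event trace for the example (paths and hosts are illustrative, not from the report).
SAMPLE = r"C:\Users\victim\Downloads\slinkyloader.exe"
DROPPED_EXE = r"C:\Users\victim\AppData\Local\Temp\upd.exe"
DROPPED_DLL = r"C:\Users\victim\AppData\Local\Temp\helper.dll"
EVENTS = [
    {"type": "process", "image": SAMPLE, "child_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden"},
    {"type": "file_write", "image": SAMPLE, "path": r"C:\Windows\System32\drivers\sl.sys"},
    {"type": "file_write", "image": SAMPLE, "path": DROPPED_EXE},
    {"type": "file_write", "image": SAMPLE, "path": DROPPED_DLL},
    {"type": "process", "image": SAMPLE, "child_image": DROPPED_EXE, "cmdline": "upd.exe"},
    {"type": "image_load", "image": DROPPED_EXE, "path": DROPPED_DLL},
    {"type": "file_read", "image": DROPPED_EXE,
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_read", "image": DROPPED_EXE, "path": r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "dns", "image": DROPPED_EXE, "host": "api.ipify.org"},
    {"type": "dns", "image": DROPPED_EXE, "host": "cdn.discordapp.com"},
    {"type": "process", "image": DROPPED_EXE, "child_image": r"C:\Windows\System32\attrib.exe",
     "cmdline": "attrib +h +s " + DROPPED_EXE},
    # Explorer touching the same browser file is benign activity outside the sample's tree.
    {"type": "file_read", "image": r"C:\Windows\explorer.exe",
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
]

if __name__ == "__main__":
    for tag, idx in classify_events(EVENTS, SAMPLE).items():
        print(f"{tag}: events {idx}")
```

The lineage filter is the part worth keeping: the same "Login Data" read by explorer.exe at the end of the trace is not attributed to the sample, and a dropped binary only counts as "executed" or "loaded" after an earlier write by the sample's tree, which is what separates a loader from a process that merely runs an existing file.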

MITRE ATT&CK Enterprise v15

Tasks