Overview

overview

10

Static

static

10

SlipWare/E...ed.dll

windows7-x64

1

SlipWare/E...ed.dll

windows10-2004-x64

1

SlipWare/N...on.dll

windows7-x64

1

SlipWare/N...on.dll

windows10-2004-x64

1

SlipWare/SlipWare.exe

windows7-x64

10

SlipWare/SlipWare.exe

windows10-2004-x64

10

SlipWare/S...rs.dll

windows7-x64

1

SlipWare/S...rs.dll

windows10-2004-x64

1

SlipWare/S...rs.dll

windows7-x64

1

SlipWare/S...rs.dll

windows10-2004-x64

1

SlipWare/S...fe.dll

windows7-x64

1

SlipWare/S...fe.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SlipWare.rar

  • Size

    32.7MB

  • Sample

    240726-mkt4navhkc

  • MD5

    5ff8ddd5cf4dfdad86b5106a22a2914c

  • SHA1

    616aa5e004bc2624e132fa534772dc4451ff2847

  • SHA256

    ed0d39053bb6af8bfc79d1ab45677b9f0c953a7759b7f4cfd59aa6a7a6ed0c9e

  • SHA512

    a2bb8098bceaefbaa604c689ebb5640320ee15db170a77fc5ff5aeca93cd38f6c9747328811715827470ffaa6a9ac7b7d1a2c8ed39111c0163c72a297e326477

  • SSDEEP

    786432:Np9jLAQxas3ZNFZSY2c/AsqBM8n39osYFp0Dz9ZAUZSHpL+dPBS:NZas3ZNFZh1wM8GsYFpozrAJHpMZS

Score
10/10
eternitycredential_accessdiscoveryexecutionpyinstallerspywarestealer

Malware Config

Targets

    • Target

      SlipWare/ENet.Managed.dll

    • Size

      827KB

    • MD5

      cf9a52a66d1646b5f3e57bcaee94fd73

    • SHA1

      dabd793aea031d58fd173bb752cf8adcc61845e0

    • SHA256

      e864c7b0aac1abe4eb9f74b28bb413586de1a48198b9e009eb3999e68a9c8583

    • SHA512

      557a351908310410562789f58b8f5c51049fd09394c4e8282838e0bec5338222131257b781e77d91a801de5bc38800ffb3f6f1cab494a10817c902c9f6d4b84b

    • SSDEEP

      12288:kE4RqwhxzcEtaJzhp/tDLb3Oun7H0HLv3rJmZLcyKu7RTT6akCNDV4X:kE4xYFVDP5ALTMLp/t7kCNG

    Score
    1/10
    behavioral1behavioral2

    • Target

      SlipWare/Newtonsoft.Json.dll

    • Size

      659KB

    • MD5

      4df6c8781e70c3a4912b5be796e6d337

    • SHA1

      cbc510520fcd85dbc1c82b02e82040702aca9b79

    • SHA256

      3598cccad5b535fea6f93662107a4183bfd6167bf1d0f80260436093edc2e3af

    • SHA512

      964d9813e4d11e1e603e0a9627885c52034b088d0b0dfa5ac0043c27df204e621a2a654445f440ae318e15b1c5fea5c469da9e6a7350a787fef9edf6f0418e5c

    • SSDEEP

      12288:rktg1lrjC8rjICqbwNjR4xq7iiX19K7Df/SoOKQrIB+jfP:rggD7PIEjR4xq7iiXTK7D3So9AIB+jn

    Score
    1/10
    behavioral3behavioral4

    • Target

      SlipWare/SlipWare.exe

    • Size

      32.9MB

    • MD5

      88c7918696a9fd912abae1bae9e15a8b

    • SHA1

      c480587139e54de4e82fd82ccd65edf349c07cc8

    • SHA256

      08bd472c2e983b1438adcd55e93229f00db673dfffc48ab673aca782a9f42ba4

    • SHA512

      b19fb4eacec87b4c1c5ede0bc52ad147e0c271403839cdff385b259a90dff29b32ce94f4f79bd47cc37f16e4dfe83bd9034721ec346af656a1bab0551fb7f1fb

    • SSDEEP

      786432:TJkErUyK2oxbQA3r13zxwr53xJDXQFzfxp0DrJcx0d:TJkEjEbv3rVQ3gzCJcxW

    Score
    10/10
    eternitypyinstallerstealercredential_accessdiscoveryexecutionspyware

    • Detects Eternity stealer

      stealer

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

      eternity

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral5behavioral6

    • Target

      SlipWare/System.Buffers.dll

    • Size

      20KB

    • MD5

      a48936868abf91274def7231aa52dbb5

    • SHA1

      f02fa5231536c0dd9cef9e84e609646b23d5d33c

    • SHA256

      423200010a7684763451473a4fb206dfa074fc8249676621ef9d9a13417d364d

    • SHA512

      c8fe3d1314794ae7071a647e328a46a30e6d96e574daa896fcebebf6bb51ce0af14e6cc63a0e1600a0e4adbc7aa18e97ee58581adccac23981c029ea782b5f9d

    • SSDEEP

      384:ay/fjFwUI/KQyVvKdDhG6ISDFWvYW8aIcyHRN7WEg2ly0:auhMaVmzDC6b

    Score
    1/10
    behavioral7behavioral8

    • Target

      SlipWare/System.Numerics.Vectors.dll

    • Size

      113KB

    • MD5

      aaa2cbf14e06e9d3586d8a4ed455db33

    • SHA1

      3d216458740ad5cb05bc5f7c3491cde44a1e5df0

    • SHA256

      1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183

    • SHA512

      0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8

    • SSDEEP

      1536:nPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/hV+sUwS:nWw0SUUKBM8aOUiiGw7qa9tK/bJS

    Score
    1/10
    behavioral10behavioral9

    • Target

      SlipWare/System.Runtime.CompilerServices.Unsafe.dll

    • Size

      16KB

    • MD5

      c4cfe03f75bc01969bc936c9c09baa12

    • SHA1

      cb96ea48ee8aa9fe764d6f1ec30751001a0a646d

    • SHA256

      a2d38a330df390cc739689369a36520fe491d3660d73974eb46b51608f50675b

    • SHA512

      6db15403523b6c966d7aa6906cfc219a956f6c7a68c60774e9ed9f261df1a4d6731b92c59f3caafaeb345b853cd237fa163155b8b8e7825ba69a634878c929e2

    • SSDEEP

      192:RMyaqO8cxdQWXYWJeaotWsI9A9GaHnhWgN7aJeWwgCWuXqnaju02aU:RTO9dQWXYW8aocyHRN7WEgSly0

    Score
    1/10
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks