General

  • Target

    SlipWare.rar

  • Size

    32.7MB

  • Sample

    240726-mkt4navhkc

  • MD5

    5ff8ddd5cf4dfdad86b5106a22a2914c

  • SHA1

    616aa5e004bc2624e132fa534772dc4451ff2847

  • SHA256

    ed0d39053bb6af8bfc79d1ab45677b9f0c953a7759b7f4cfd59aa6a7a6ed0c9e

  • SHA512

    a2bb8098bceaefbaa604c689ebb5640320ee15db170a77fc5ff5aeca93cd38f6c9747328811715827470ffaa6a9ac7b7d1a2c8ed39111c0163c72a297e326477

  • SSDEEP

    786432:Np9jLAQxas3ZNFZSY2c/AsqBM8n39osYFp0Dz9ZAUZSHpL+dPBS:NZas3ZNFZh1wM8GsYFpozrAJHpMZS

Malware Config

Targets

    • Target

      SlipWare/ENet.Managed.dll

    • Size

      827KB

    • MD5

      cf9a52a66d1646b5f3e57bcaee94fd73

    • SHA1

      dabd793aea031d58fd173bb752cf8adcc61845e0

    • SHA256

      e864c7b0aac1abe4eb9f74b28bb413586de1a48198b9e009eb3999e68a9c8583

    • SHA512

      557a351908310410562789f58b8f5c51049fd09394c4e8282838e0bec5338222131257b781e77d91a801de5bc38800ffb3f6f1cab494a10817c902c9f6d4b84b

    • SSDEEP

      12288:kE4RqwhxzcEtaJzhp/tDLb3Oun7H0HLv3rJmZLcyKu7RTT6akCNDV4X:kE4xYFVDP5ALTMLp/t7kCNG

    • Score

      1/10

    • Target

      SlipWare/Newtonsoft.Json.dll

    • Size

      659KB

    • MD5

      4df6c8781e70c3a4912b5be796e6d337

    • SHA1

      cbc510520fcd85dbc1c82b02e82040702aca9b79

    • SHA256

      3598cccad5b535fea6f93662107a4183bfd6167bf1d0f80260436093edc2e3af

    • SHA512

      964d9813e4d11e1e603e0a9627885c52034b088d0b0dfa5ac0043c27df204e621a2a654445f440ae318e15b1c5fea5c469da9e6a7350a787fef9edf6f0418e5c

    • SSDEEP

      12288:rktg1lrjC8rjICqbwNjR4xq7iiX19K7Df/SoOKQrIB+jfP:rggD7PIEjR4xq7iiXTK7D3So9AIB+jn

    • Score

      1/10

    • Target

      SlipWare/SlipWare.exe

    • Size

      32.9MB

    • MD5

      88c7918696a9fd912abae1bae9e15a8b

    • SHA1

      c480587139e54de4e82fd82ccd65edf349c07cc8

    • SHA256

      08bd472c2e983b1438adcd55e93229f00db673dfffc48ab673aca782a9f42ba4

    • SHA512

      b19fb4eacec87b4c1c5ede0bc52ad147e0c271403839cdff385b259a90dff29b32ce94f4f79bd47cc37f16e4dfe83bd9034721ec346af656a1bab0551fb7f1fb

    • SSDEEP

      786432:TJkErUyK2oxbQA3r13zxwr53xJDXQFzfxp0DrJcx0d:TJkEjEbv3rVQ3gzCJcxW

    • Detects Eternity stealer

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      SlipWare/System.Buffers.dll

    • Size

      20KB

    • MD5

      a48936868abf91274def7231aa52dbb5

    • SHA1

      f02fa5231536c0dd9cef9e84e609646b23d5d33c

    • SHA256

      423200010a7684763451473a4fb206dfa074fc8249676621ef9d9a13417d364d

    • SHA512

      c8fe3d1314794ae7071a647e328a46a30e6d96e574daa896fcebebf6bb51ce0af14e6cc63a0e1600a0e4adbc7aa18e97ee58581adccac23981c029ea782b5f9d

    • SSDEEP

      384:ay/fjFwUI/KQyVvKdDhG6ISDFWvYW8aIcyHRN7WEg2ly0:auhMaVmzDC6b

    • Score

      1/10

    • Target

      SlipWare/System.Numerics.Vectors.dll

    • Size

      113KB

    • MD5

      aaa2cbf14e06e9d3586d8a4ed455db33

    • SHA1

      3d216458740ad5cb05bc5f7c3491cde44a1e5df0

    • SHA256

      1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183

    • SHA512

      0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8

    • SSDEEP

      1536:nPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/hV+sUwS:nWw0SUUKBM8aOUiiGw7qa9tK/bJS

    • Score

      1/10

    • Target

      SlipWare/System.Runtime.CompilerServices.Unsafe.dll

    • Size

      16KB

    • MD5

      c4cfe03f75bc01969bc936c9c09baa12

    • SHA1

      cb96ea48ee8aa9fe764d6f1ec30751001a0a646d

    • SHA256

      a2d38a330df390cc739689369a36520fe491d3660d73974eb46b51608f50675b

    • SHA512

      6db15403523b6c966d7aa6906cfc219a956f6c7a68c60774e9ed9f261df1a4d6731b92c59f3caafaeb345b853cd237fa163155b8b8e7825ba69a634878c929e2

    • SSDEEP

      192:RMyaqO8cxdQWXYWJeaotWsI9A9GaHnhWgN7aJeWwgCWuXqnaju02aU:RTO9dQWXYW8aocyHRN7WEgSly0

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks
