General

  • Target

    [GLeaks.pro] slinkyloader.rar

  • Size

    24.3MB

  • Sample

    241108-qyr31awkbr

  • MD5

    364e700b6fc9de6d47928a58d04ea0e4

  • SHA1

    088c0d0a290e908850eae58f9ca25a4cbc59dcad

  • SHA256

    b23f7797a193606d9e048d3918f617c395b29fce757667ef10606b5a5c326a2b

  • SHA512

    5b2ba8ff2cc567288cf7fbb3a3af5e406b82528a54d204a48de8044d7490a3e12f34d423e06a095aac9433531d5a208531fdfe60c8514cc1b9826c0172e94bed

  • SSDEEP

    393216:yP0LLlaUzqg0FY9Ril4S6vZddPumE7ztts4WicI7+M1tVY25EQ+tnKZE7HoT:aElzqBY9RM4SKHdPumd4nl1bqCJ+hza

Malware Config

Targets

    • Target

      slinkyloader.exe

    • Size

      24.3MB

    • MD5

      916f9a50e4219d05f64b9376851cb94b

    • SHA1

      ee077b680b175fe4d169ee8e6bff09ceecb84b4c

    • SHA256

      21d15ef5aac5499e0d3169a98fa97f0baed23f4a98d439819025ba3a5af96a4f

    • SHA512

      a33bf381ff57a97a56fa169814232fccd8fcf2741a260fed1929743d39ab337aa7b28b56a19554bde012188ca0582c4cdacb74738f1f67a3180dc37eaf8215af

    • SSDEEP

      786432:orEGs1OEi/UMnspKXk8BEWL11JDjszSljW2a3:D1Ob8YXvJv1Yz13

    • Deletes Windows Defender Definitions

      Uses mpcmdrun utility to delete all AV definitions.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar profile data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      ��=�ǬN.pyc

    • Size

      1KB

    • MD5

      ccd69c8ebc4c6a55ba0c391f7bf82da1

    • SHA1

      51068302d14908e3720a58c4cd64d405006d4292

    • SHA256

      b7a181102f2328bd0acf48380f1b57ad30ba0789388fc3bd2de6e56b5af77377

    • SHA512

      45e5174cdadc5309b765b86c3fec66925880e09ceb4a8c0e9406dcf00ea393c364da4063f644b22de55711cddd8c494854e60f78713abd49fcc220c4bf80b6ec

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks