General

  • Target

    Slinky Crack.zip

  • Size

    35.8MB

  • Sample

    241221-sa124s1rbj

  • MD5

    f4e1d5a6f15e0e31685fd44756f9f8ee

  • SHA1

    b2b00e08b80d3b6872aca48e24f8013e91bc6656

  • SHA256

    e47b56e70d125b9dfe3f11dc5b50f4e7a64445fd24d08e473610ef989b383a49

  • SHA512

    51c62dff2f71fdbc9c2855ed4826b7ce586fd070d1fe007db796714c6a64c3e3b0fde9da068e96b70d6a7fcc441deaf60f538734ba0f28d90913a8a6c52a57ef

  • SSDEEP

    786432:nxERxsxOF4zATDKbq/j6sdlvo+vZ3vDLgJHNAPHXU4JPuRKeGqyNTnAQh41m:nSnsYF47bq/j6cZfglNAs8rfH5T

Score
10/10

Targets

    • Target

      Slinky/Loader.exe

    • Size

      18.4MB

    • MD5

      2fdc48889ea411ba067e41cf0e8cfcbe

    • SHA1

      6071e1684213eda46735d54a1d440e60f7946617

    • SHA256

      b90885a042482dc4184a4dad64c06da3dc1f866e182ccb04baeaa33d6efda0d4

    • SHA512

      121be2937214b34fb3531ab010ea0294c5dd485c2ba304bc17a5c3f17e2d64e80485adb1c2d1bc122330ffd0d30ad0fb7dd7859dc8bdbca28f0a79354839d154

    • SSDEEP

      393216:zSgEaQOUsxWQ3mzFxORTzATDZRSbqoOjV65y3hd7pvk11DMTW2wOprJfn:zxERxsxOF4zATDKbq/j6sdlvo+vZn

    Score
    10/10

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      Slinky/slinky_library.dll

    • Size

      18.1MB

    • MD5

      44b5e89a9f7bab889a4df60042872f17

    • SHA1

      cfc40cd4fdbda75d3ed52952c500d8ccc12f4a36

    • SHA256

      16745ae6670eba8a452a5e75fa6142564d31bd3b7d14766e04f1acb214f65703

    • SHA512

      7f18545da3e4fa726ec33345f7dc137eedf4961a1bd0582b51ee2258a6d5a115187a4e72ec3c7b6d29e33b0a4aa2560adec1833b4bda3f00a7b194ea71d95188

    • SSDEEP

      393216:kKRqNWNKROYkhkpXorNv+oXsDS3LNK3HOU6x0pW/lJktSrZPLAB:HANWKRrpYrNvou7NK3uU6E29dPL

    Score
    5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Slinky/slinkyhook.dll

    • Size

      228KB

    • MD5

      6d8c17c67970cb5841811eed8adffffc

    • SHA1

      c869ab32318a035e51aff8e5e11b4cd25fb52a4f

    • SHA256

      7c4234fac3b6b3e96dace1e71c7a952ec67e3839f90f7a88a9ea283bf88d25b8

    • SHA512

      7d2a0ffcd72c8bf4a96b2ed722d7119749ec14f5d7e6a601cb6ae4a5b1c4a652b694158f01da340e3ca4751cabd0a56c42bf739d8b421e36937f3691b3b80c72

    • SSDEEP

      3072:hXxN1I6PgabbAzVxPLI5oIa5amK/1o4ptgELHY1lNyc+m+e7P26g66OVuknsDe0u:hhN1GFZq/15tFc+m97ieuknsDu

    Score
    1/10
