General

  • Target

    slinky.rar

  • Size

    26.7MB

  • Sample

    250217-yvw7jssqdr

  • MD5

    e29c4ffb3e619e03db32ffb5b050b9ab

  • SHA1

    9ae8a73f8d154b22a159e795d7862244619a2c64

  • SHA256

    493230b3cb248901173b922478af1049819668b662732c987a4d290c8bf682cb

  • SHA512

    0481ebbeaa85a201f71363df0edbb50a4b771ee080c3d49196c230f8941b9417d91f22aa47c97cdd49db7c49ad4d090446c48c66cda5d5454cbfb1181057217c

  • SSDEEP

    786432:7Ksmv3RZtcUo1rOf2U7NcVTTxe37sK+O3teSABE:7vmPRZ6RNbQI9OdgE

Malware Config

Extracted

Family

skuld

C2

https://ptb.discord.com/api/webhooks/1341045599763562528/FEFU_oks7qRAW2B1VavjnBoTqNy2XgZADJlF2E33Vat_T2iMqWdIWyIFSMmlSv3zvS7l
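The extracted C2 is a Discord webhook rather than an attacker-hosted server, which is typical for Skuld: the stealer POSTs its harvest straight to the webhook, and the webhook ID is a Discord Snowflake whose top 42 bits encode when it was created. The following is an added example, not part of the report or of the Skuld code base: it pulls webhook URLs out of a binary blob and decodes the creation time from the ID. The blob below is constructed here to imitate a Go binary's string table (it is not the sample's bytes), and the 68-character token width is an assumption drawn from observed webhook tokens.

```python
from __future__ import annotations
import re
from datetime import datetime, timedelta, timezone

# Discord Snowflake epoch: 2015-01-01T00:00:00Z, in milliseconds.
DISCORD_EPOCH_MS = 1_420_070_400_000

# ptb. and canary. are Discord's Public Test Build and Canary front ends,
# discordapp.com the legacy domain; all serve the same webhook endpoint.
# The token width is pinned at 68 characters (assumed from observed webhook
# tokens): Go stores string data in one contiguous table without NUL
# terminators, so an open-ended character class would run on into whatever
# string the linker placed directly after the URL.
WEBHOOK_RE = re.compile(
    rb"https://(?:ptb\.|canary\.)?discord(?:app)?\.com"
    rb"/api/webhooks/(\d{17,20})/([A-Za-z0-9_-]{68})"
)


def snowflake_time(snowflake: int) -> datetime:
    """Top 42 bits of a Discord Snowflake: milliseconds since the Discord epoch."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    # Integer arithmetic on purpose: fromtimestamp(ms / 1000) can lose the
    # millisecond to float rounding.
    return datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(milliseconds=ms)


def extract_webhooks(blob: bytes) -> list[dict]:
    """Return every webhook URL found in blob with its ID, token and creation time."""
    hits = []
    for m in WEBHOOK_RE.finditer(blob):
        webhook_id = int(m.group(1))
        token = m.group(2).decode("ascii")
        hits.append({
            "url": m.group(0).decode("ascii"),
            "id": webhook_id,
            "token": token,
            # Host-independent form: the same ID/token pair is valid on every
            # Discord front end, so block or pivot on the path, not the host.
            "path": f"/api/webhooks/{webhook_id}/{token}",
            "created_utc": snowflake_time(webhook_id).isoformat(),
        })
    return hits


# Constructed stand-in for a Go string table (not the real sample's bytes): the
# report's webhook URL sits between two unrelated strings with no separator,
# followed by a decoy Discord URL that is not a webhook and must not match.
SAMPLE_BLOB = (
    b"Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
    b"https://ptb.discord.com/api/webhooks/1341045599763562528/"
    b"FEFU_oks7qRAW2B1VavjnBoTqNy2XgZADJlF2E33Vat_T2iMqWdIWyIFSMmlSv3zvS7l"
    b"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
    b"https://discord.com/api/v10/gateway"
)

if __name__ == "__main__":
    for hit in extract_webhooks(SAMPLE_BLOB):
        print(hit["id"], hit["created_utc"], hit["path"])
```

Run against the constructed blob, the webhook ID decodes to a creation time on 2025-02-17, the same day as the sample ID in this report, which is a cheap sanity check that the URL is the live config and not a stale string. When the real binary is available, point `extract_webhooks` at the unpacked `.rdata`/`.rodata` bytes rather than the packed RAR.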

Targets

    • Target

      slinky/slinky.exe

    • Size

      14.8MB

    • MD5

      a15f639ad6f334ddccacb2ecbd03fe19

    • SHA1

      4f7cf4a736b994d00d916a8572dbac8dd02f0652

    • SHA256

      46b69ba1e32ea096b56139e74e865e187647885edd9c5e9f5643969f81d7fd38

    • SHA512

      2e5290b7a0722f09c60f537d8b60032c881c614eb1e3b85cc4c9043d29cebfb983880e00e8bb32e6d9c31e88eaed87732872730ba4d39c12c74d2a79a2cf9e8f

    • SSDEEP

      196608:sqZ4f/oCqKqc/3h4Po9LXx+29GAB7ob73mrVGwYdNE2vfUW:/Z4XoBKHL9AuM73gQDvfUW

    • Skuld family

    • Skuld stealer

      An information stealer written in Go.

    • Adds Run key to start application

      Writes a value under a registry Run key so the executable is launched again at user logon.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      slinky/slinky_library.dll

    • Size

      11.7MB

    • MD5

      f4f7eacab208d7b50d50f196bd3facd2

    • SHA1

      82ca056ecb89d1612df069a42952e077f7e079e1

    • SHA256

      4f35cfe4d051d56cc22dc2743024ffa0f3b4ee906b34c4336c72d71bc55de708

    • SHA512

      9b61bd125e066df121186057bcb163bfb3d8fb9ff3447963df0e9b14ab57fdf6a8d1faf61a5e75dc3e53425f541bb624b9d8b787e322ea6b675489d532b8f001

    • SSDEEP

      3:WAYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYw:z

    Score
    8/10
    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      slinky/slinkyhook.dll

    • Size

      228KB

    • MD5

      6d8c17c67970cb5841811eed8adffffc

    • SHA1

      c869ab32318a035e51aff8e5e11b4cd25fb52a4f

    • SHA256

      7c4234fac3b6b3e96dace1e71c7a952ec67e3839f90f7a88a9ea283bf88d25b8

    • SHA512

      7d2a0ffcd72c8bf4a96b2ed722d7119749ec14f5d7e6a601cb6ae4a5b1c4a652b694158f01da340e3ca4751cabd0a56c42bf739d8b421e36937f3691b3b80c72

    • SSDEEP

      3072:hXxN1I6PgabbAzVxPLI5oIa5amK/1o4ptgELHY1lNyc+m+e7P26g66OVuknsDe0u:hhN1GFZq/15tFc+m97ieuknsDu

    Score
    1/10
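The behavioural signatures above (a Run-key write for persistence, an external-IP lookup, and enumeration of Uninstall keys to inventory installed software) map onto host telemetry that most environments already collect. As an added example that is not the sandbox's own logic, the detector below evaluates those three behaviours over a handful of constructed events. The event field names follow Sysmon (Event ID 13 for a registry value set, Event ID 22 for a DNS query) and a Process Monitor style registry-read record; the paths, SID, GUID, process names and the list of IP-lookup hosts are all assumptions made for this example.

```python
from __future__ import annotations
import re

# Run and RunOnce keys, under HKLM or any user hive, with or without Wow6432Node.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)
# Locations a standard user can write to; a Run value pointing here is the
# usual shape of dropped-file persistence, unlike an installer's Program Files path.
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|Temp|ProgramData|Users\\Public)\\", re.I)
# The Uninstall hive the report's signature refers to (key itself or anything below it).
UNINSTALL_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)", re.I)
# Public IP lookup services commonly contacted by stealers (assumed list; extend as needed).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ifconfig.me", "icanhazip.com",
    "ip-api.com", "checkip.amazonaws.com", "ipinfo.io",
}


def run_key_persistence(ev: dict) -> bool:
    """Sysmon 13: a Run/RunOnce value whose data points at a user-writable path."""
    return (ev.get("source") == "sysmon" and ev.get("EventID") == 13
            and bool(RUN_KEY_RE.search(ev.get("TargetObject", "")))
            and bool(USER_WRITABLE_RE.search(ev.get("Details", ""))))


def external_ip_lookup(ev: dict) -> bool:
    """Sysmon 22: DNS query for a known public IP lookup service."""
    return (ev.get("source") == "sysmon" and ev.get("EventID") == 22
            and ev.get("QueryName", "").lower() in IP_LOOKUP_HOSTS)


def installed_software_enum(ev: dict) -> bool:
    """ProcMon-style registry read touching the Uninstall key (Sysmon does not log reads)."""
    return (ev.get("source") == "procmon"
            and ev.get("Operation") in {"RegOpenKey", "RegEnumKey", "RegQueryValue"}
            and bool(UNINSTALL_RE.search(ev.get("Path", ""))))


RULES = {
    "run_key_persistence": run_key_persistence,
    "external_ip_lookup": external_ip_lookup,
    "installed_software_enum": installed_software_enum,
}


def evaluate(events: list[dict]) -> list[tuple[str, int]]:
    """Return (rule name, event index) for every rule that fires on every event."""
    return [(name, i) for i, ev in enumerate(events)
            for name, rule in RULES.items() if rule(ev)]


# Constructed events, not the sandbox's telemetry. Events 1 and 3 are benign
# look-alikes that must not fire.
SAMPLE_EVENTS = [
    {"source": "sysmon", "EventID": 13,
     "Image": r"C:\Users\user\AppData\Roaming\slinky.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\slinky",
     "Details": r"C:\Users\user\AppData\Roaming\slinky.exe"},
    {"source": "sysmon", "EventID": 13,
     "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r"C:\Program Files\Vendor\Updater.exe"},
    {"source": "sysmon", "EventID": 22,
     "Image": r"C:\Users\user\AppData\Roaming\slinky.exe", "QueryName": "api.ipify.org"},
    {"source": "sysmon", "EventID": 22,
     "Image": r"C:\Users\user\AppData\Roaming\slinky.exe", "QueryName": "ptb.discord.com"},
    {"source": "procmon", "Operation": "RegEnumKey",
     "Path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"source": "procmon", "Operation": "RegQueryValue",
     "Path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A1B2C3D-0000-4000-8000-000000000001}\DisplayName"},
]

if __name__ == "__main__":
    for name, idx in evaluate(SAMPLE_EVENTS):
        print(f"{name}: event {idx}")
```

The Run-key rule deliberately requires both the key and a user-writable target path; matching the key alone would fire on every installer. The DNS rule is only as good as its host list, and the discord.com query in event 3 is left unmatched here because a webhook C2 needs its own rule, keyed on the `/api/webhooks/` path in proxy or TLS SNI data rather than on DNS.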

MITRE ATT&CK Enterprise v15
