Analysis
- max time kernel: 69s
- max time network: 77s
- platform: windows10-2004_x64
- resource: win10v2004-20231023-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 17-11-2023 09:33
Behavioral tasks (sample, resource)
- behavioral1: Silver RAT V1.0/.peu/New Project 1/src/PebApi.vbs (win10v2004-20231020-en)
- behavioral2: Silver RAT V1.0/Loader.exe (win10v2004-20231020-en)
- behavioral3: Silver RAT V1.0/Server/compile.bat (win10v2004-20231023-en)
- behavioral4: Silver RAT V1.0/Silver RAT.exe (win10v2004-20231023-en)
- behavioral5: Silver RAT V1.0/SimpleObfuscator.dll (win10v2004-20231023-en)
- behavioral6: Silver RAT V1.0/admin/dist/js/daterangepicker-data.js (win10v2004-20231023-en)
- behavioral7: Silver RAT V1.0/admin/dist/js/noty/noty.js (win10v2004-20231020-en)
- behavioral8: Silver RAT V1.0/admin/dist/js/noty/noty.js (win10v2004-20231023-en)
- behavioral9: Silver RAT V1.0/admin/dist/js/noty/noty.min.js (win10v2004-20231020-en)
- behavioral10: Silver RAT V1.0/admin/dist/js/noty/noty.min.js (win10v2004-20231025-en)
- behavioral11: Silver RAT V1.0/admin/dist/js/select2/select2.min.js (win10v2004-20231020-en)
- behavioral12: Silver RAT V1.0/admin/grabber.js (win10v2004-20231023-en)
- behavioral13: Silver RAT V1.0/admin/js/logs.js (win10v2004-20231023-en)
- behavioral14: Silver RAT V1.0/admin/lang-packs/index.html (win10v2004-20231023-en)
- behavioral15: Silver RAT V1.0/admin/loader.js (win10v2004-20231020-en)
- behavioral16: Silver RAT V1.0/admin/main.ps1 (win10v2004-20231023-en)
- behavioral17: Silver RAT V1.0/admin/markers.js (win10v2004-20231020-en)
- behavioral18: Silver RAT V1.0/admin/open.ps1 (win10v2004-20231025-en)
- behavioral19: Silver RAT V1.0/admin/stats.js (win10v2004-20231020-en)
- behavioral20: Silver RAT V1.0/bin/clean.exe (win10v2004-20231023-en)
- behavioral21: Silver RAT V1.0/bin/upx.exe (win10v2004-20231023-en)
- behavioral22: Silver RAT V1.0/libs/freebl3.dll (win10v2004-20231020-en)
- behavioral23: Silver RAT V1.0/libs/msvcp140.dll (win10v2004-20231023-en)
- behavioral24: Silver RAT V1.0/libs/softokn3.dll (win10v2004-20231023-en)
- behavioral25: Silver RAT V1.0/libs/vcruntime140.dll (win10v2004-20231020-en)
- behavioral26: Silver RAT V1.0/stats/dist/js/select2/select2.min.js (win10v2004-20231020-en)
- behavioral27: Silver RAT V1.0/stats/js/stats.js (win10v2004-20231025-en)
- behavioral28: Silver RAT V1.0/stats/stats.js (win10v2004-20231023-en)
- behavioral29: Silver RAT V1.0/stats/vendors/daterangepicker/daterangepicker.js (win10v2004-20231023-en)
- behavioral30: Silver RAT V1.0/stub.exe (win10v2004-20231020-en)
General
- Target: Silver RAT V1.0/bin/clean.exe
- Size: 8.1MB
- MD5: 8cafb6aa586d24812ae2de9b8b063782
- SHA1: e7c17a368dc2ac1bc8099ac99d79aff5df1a479b
- SHA256: e72206b27993c1c08711f0bb47a86fcaaad1d5ac2901e0a5e7786275943426e1
- SHA512: 2ef18aff519d2db9284eb497720850b5cd8dd00db89dfb4ca817493c0ffcd098e66a8697cf55380ef0d0eea4322276c1e76980a34052e072fb83c223be954576
- SSDEEP: 196608:/UEH4f3fQPtvpizSY/JsdOqOmw9J0nrv/2:cY11vIz8/3
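Before relying on these values, an analyst confirms that the file on disk is the one the sandbox actually hashed. The script below is an added example, not part of the report or of the Silver RAT code: it streams a file once through all four digests and reports every one that differs from the values listed above. The sample path is a placeholder command-line argument; the expected hashes are copied from the General section.

```python
"""Verify a local file against the digests a sandbox report lists.

Added example, not part of the report. REPORTED holds the values printed
in the General section for Silver RAT V1.0/bin/clean.exe; the file path
is a placeholder (assumption: the analyst has the sample on disk).
"""
import hashlib
import hmac
import sys
from pathlib import Path

# Digests copied from the report's General section.
REPORTED = {
    "md5": "8cafb6aa586d24812ae2de9b8b063782",
    "sha1": "e7c17a368dc2ac1bc8099ac99d79aff5df1a479b",
    "sha256": "e72206b27993c1c08711f0bb47a86fcaaad1d5ac2901e0a5e7786275943426e1",
    "sha512": "2ef18aff519d2db9284eb497720850b5cd8dd00db89dfb4ca817493c0ffcd098e66a8697cf55380ef0d0eea4322276c1e76980a34052e072fb83c223be954576",
}


def digest_file(path, algorithms=("md5", "sha1", "sha256", "sha512"), chunk=1 << 20):
    """Read the file once in chunks and feed every requested algorithm."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_hashes(path, expected):
    """Return {algorithm: (expected, actual)} for every digest that differs.

    An empty dict means the local file is byte-identical to the sample the
    report describes. compare_digest is overkill for a manual check, but it
    is the right habit when a hash comparison gates an automated decision.
    """
    actual = digest_file(path, algorithms=tuple(expected))
    return {
        name: (expected[name], actual[name])
        for name in expected
        if not hmac.compare_digest(expected[name].lower(), actual[name])
    }


if __name__ == "__main__":
    # Placeholder: pass the path of the file you downloaded from the sandbox.
    sample = Path(sys.argv[1]) if len(sys.argv) > 1 else Path("clean.exe")
    mismatches = verify_hashes(sample, REPORTED)
    for name, (want, got) in mismatches.items():
        print(f"{name}: report {want} != local {got}")
    if mismatches:
        sys.exit(1)
    print(f"{sample}: all {len(REPORTED)} digests match the report")
```

SSDEEP is deliberately left out: it is a similarity hash, not a cryptographic one, and needs the ssdeep library; a single mismatching SHA256 is already enough to say the report does not describe your file.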
Malware Config
Signatures
Processes
Network
-
DNS PTR lookups via 8.8.8.8:53 (IN PTR; the recorded responses are empty):
- 2.136.104.51.in-addr.arpa
- 95.221.229.192.in-addr.arpa
- 55.36.223.20.in-addr.arpa
- 158.240.127.40.in-addr.arpa
- 103.169.127.40.in-addr.arpa
- 146.78.124.51.in-addr.arpa
- 15.164.165.52.in-addr.arpa
- 58.99.105.20.in-addr.arpa
-
Remote address: 8.8.8.8:53
Request: tse1.mm.bing.net IN A
Response:
- tse1.mm.bing.net IN CNAME mm-mm.bing.net.trafficmanager.net
- mm-mm.bing.net.trafficmanager.net IN CNAME dual-a-0001.a-msedge.net
- dual-a-0001.a-msedge.net IN A 204.79.197.200
- dual-a-0001.a-msedge.net IN A 13.107.21.200
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301229_1AKKD8EG7YAB9ULZZ&pid=21.2&w=1920&h=1080&c=4
Remote address: 204.79.197.200:443
Request:
GET /th?id=OADD2.10239317301229_1AKKD8EG7YAB9ULZZ&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 458306
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 19354785A83748A6A6C8D9F2079594AD Ref B: AMS04EDGE2721 Ref C: 2023-11-17T09:36:53Z
date: Fri, 17 Nov 2023 09:36:53 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317300931_116ZGE2JLLUHLMEDS&pid=21.2&w=1920&h=1080&c=4
Remote address: 204.79.197.200:443
Request:
GET /th?id=OADD2.10239317300931_116ZGE2JLLUHLMEDS&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 270754
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DD57BD417646413796D5F320F13EC93A Ref B: AMS04EDGE2721 Ref C: 2023-11-17T09:36:53Z
date: Fri, 17 Nov 2023 09:36:53 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301638_1CJUTRVU9329NGGEA&pid=21.2&w=1080&h=1920&c=4
Remote address: 204.79.197.200:443
Request:
GET /th?id=OADD2.10239317301638_1CJUTRVU9329NGGEA&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 595093
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9A1522D316A34B30B3F6D955A9E250C7 Ref B: AMS04EDGE2721 Ref C: 2023-11-17T09:36:53Z
date: Fri, 17 Nov 2023 09:36:53 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301364_1Z8KBZ9IPN02ZTCGX&pid=21.2&w=1080&h=1920&c=4
Remote address: 204.79.197.200:443
Request:
GET /th?id=OADD2.10239317301364_1Z8KBZ9IPN02ZTCGX&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 220221
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 15D811D032164BC7AA18A8F2E4EC1921 Ref B: AMS04EDGE2721 Ref C: 2023-11-17T09:36:53Z
date: Fri, 17 Nov 2023 09:36:53 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301312_1T9ZATUOGPW0HJ7P7&pid=21.2&w=1920&h=1080&c=4
Remote address: 204.79.197.200:443
Request:
GET /th?id=OADD2.10239317301312_1T9ZATUOGPW0HJ7P7&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 506566
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0244854C48C54AC1A5CA7442316D7AE9 Ref B: AMS04EDGE2721 Ref C: 2023-11-17T09:36:53Z
date: Fri, 17 Nov 2023 09:36:53 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301721_1Y64UM4ZK2VT4MVP3&pid=21.2&w=1080&h=1920&c=4
Remote address: 204.79.197.200:443
Request:
GET /th?id=OADD2.10239317301721_1Y64UM4ZK2VT4MVP3&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 481315
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 61B2DAE8BC0F41E1927994DF5D6FBADD Ref B: AMS04EDGE2721 Ref C: 2023-11-17T09:36:54Z
date: Fri, 17 Nov 2023 09:36:53 GMT
-
DNS PTR lookups via 8.8.8.8:53 (IN PTR; the recorded responses are empty):
- 126.178.238.8.in-addr.arpa
- 240.221.184.93.in-addr.arpa
-
Network flows (bytes sent, bytes received, packets sent, packets received)
- destination not recovered in this extract: 1.2kB, 8.3kB, 16, 14
- destination not recovered in this extract: 1.2kB, 8.3kB, 16, 14
- destination not recovered in this extract: 1.2kB, 8.3kB, 16, 14
- 204.79.197.200:443 (tse1.mm.bing.net), tls, http: 288.9kB, 2.6MB, 1905, 1901
  HTTP Request GET https://tse1.mm.bing.net/th?id=OADD2.10239317301229_1AKKD8EG7YAB9ULZZ&pid=21.2&w=1920&h=1080&c=4, HTTP Response 200
  HTTP Request GET https://tse1.mm.bing.net/th?id=OADD2.10239317300931_116ZGE2JLLUHLMEDS&pid=21.2&w=1920&h=1080&c=4, HTTP Response 200
  HTTP Request GET https://tse1.mm.bing.net/th?id=OADD2.10239317301638_1CJUTRVU9329NGGEA&pid=21.2&w=1080&h=1920&c=4, HTTP Response 200
  HTTP Request GET https://tse1.mm.bing.net/th?id=OADD2.10239317301364_1Z8KBZ9IPN02ZTCGX&pid=21.2&w=1080&h=1920&c=4, HTTP Response 200
  HTTP Request GET https://tse1.mm.bing.net/th?id=OADD2.10239317301312_1T9ZATUOGPW0HJ7P7&pid=21.2&w=1920&h=1080&c=4, HTTP Response 200
  HTTP Request GET https://tse1.mm.bing.net/th?id=OADD2.10239317301721_1Y64UM4ZK2VT4MVP3&pid=21.2&w=1080&h=1920&c=4, HTTP Response 200
- destination not recovered in this extract: 1.2kB, 8.3kB, 16, 14
- DNS flow, 71 B, 157 B, 1, 1: DNS Request 2.136.104.51.in-addr.arpa
- DNS flow, 73 B, 144 B, 1, 1: DNS Request 95.221.229.192.in-addr.arpa
- DNS flow, 71 B, 157 B, 1, 1: DNS Request 55.36.223.20.in-addr.arpa
- DNS flow, 73 B, 147 B, 1, 1: DNS Request 158.240.127.40.in-addr.arpa
- DNS flow, 73 B, 147 B, 1, 1: DNS Request 103.169.127.40.in-addr.arpa
- DNS flow, 72 B, 158 B, 1, 1: DNS Request 146.78.124.51.in-addr.arpa
- DNS flow, 72 B, 146 B, 1, 1: DNS Request 15.164.165.52.in-addr.arpa
- DNS flow, 71 B, 157 B, 1, 1: DNS Request 58.99.105.20.in-addr.arpa
- DNS flow, 62 B, 173 B, 1, 1: DNS Request tse1.mm.bing.net; DNS Response 204.79.197.200, 13.107.21.200
- DNS flow, 72 B, 126 B, 1, 1: DNS Request 126.178.238.8.in-addr.arpa
- DNS flow, 73 B, 144 B, 1, 1: DNS Request 240.221.184.93.in-addr.arpa
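Everything recorded above is reverse lookups plus image fetches from a Bing CDN host. The Edge/18.19041 User-Agent, the /th?id=OADD2...&pid=21.2 URLs and the 1920x1080 / 1080x1920 sizes are the pattern of Windows Spotlight lock-screen downloads, so this is OS background traffic rather than evidence of anything clean.exe did, and this extract lists no process or signature entries tying the traffic to the sample. The script below is an added example, not part of the report or of the Silver RAT code: it classifies a simplified one-event-per-line rendering of this log, separating reverse lookups and known Windows background hosts from destinations an analyst should review. The event lines are constructed from the Network section, the final beacon line (an RFC 5737 documentation address) is made up so that the review path is exercised, and the background-domain allowlist is an assumption, not a sandbox setting.

```python
"""Triage a sandbox network log: separate Windows background noise from
traffic that deserves analyst attention.

Added example, not part of the report. LOG is a constructed, simplified
rendering of the report's Network section (one event per line); its last
line is a made-up beacon on an RFC 5737 documentation address so the
'review' branch is exercised. BACKGROUND_SUFFIXES is an assumption.
"""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: hosts a fresh Windows 10 VM talks to on its own (Bing CDN for
# Spotlight lock-screen images and its Traffic Manager / AFD aliases).
BACKGROUND_SUFFIXES = ("bing.net", "a-msedge.net", "trafficmanager.net")

LOG = """\
dns PTR 2.136.104.51.in-addr.arpa
dns PTR 95.221.229.192.in-addr.arpa
dns PTR 158.240.127.40.in-addr.arpa
dns A tse1.mm.bing.net 204.79.197.200,13.107.21.200
http GET https://tse1.mm.bing.net/th?id=OADD2.10239317301229_1AKKD8EG7YAB9ULZZ&pid=21.2&w=1920&h=1080&c=4 200
http GET https://tse1.mm.bing.net/th?id=OADD2.10239317301638_1CJUTRVU9329NGGEA&pid=21.2&w=1080&h=1920&c=4 200
http GET http://198.51.100.7:8080/gate.php 200
"""


def ptr_to_ip(name):
    """Turn '2.136.104.51.in-addr.arpa' back into the IPv4 address 51.104.136.2."""
    m = re.fullmatch(r"((?:\d{1,3}\.){4})in-addr\.arpa\.?", name)
    if not m:
        return None
    octets = m.group(1).rstrip(".").split(".")
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ValueError:  # an octet above 255
        return None


def is_background_host(host):
    """True when host is one of the allowlisted suffixes or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in BACKGROUND_SUFFIXES)


def classify(line):
    """Return (verdict, detail) for one event line."""
    parts = line.split()
    kind, op = parts[0], parts[1]
    if kind == "dns" and op == "PTR":
        ip = ptr_to_ip(parts[2])
        return "reverse_lookup", f"PTR for {ip or parts[2]}"
    if kind == "dns":
        host = parts[2]
        verdict = "windows_background" if is_background_host(host) else "review"
        return verdict, f"{op} {host}"
    if kind == "http":
        url, status = parts[2], parts[3]
        u = urlsplit(url)
        if is_background_host(u.hostname or ""):
            q = parse_qs(u.query)
            # Pattern seen in the report: /th?id=OADD2...&pid=21.2 thumbnails
            # requested at lock-screen sizes (1920x1080 or 1080x1920).
            if u.path == "/th" and q.get("id", [""])[0].startswith("OADD2.") and q.get("pid") == ["21.2"]:
                return "windows_background", f"Spotlight image {q.get('w', ['?'])[0]}x{q.get('h', ['?'])[0]}"
            return "windows_background", f"{op} {u.hostname}"
        # Literal-IP destination, odd port or plain HTTP: an analyst should look.
        return "review", f"{op} {url} -> {status}"
    return "review", line


def triage(log):
    """Classify every non-empty line; return (counts per verdict, details to review)."""
    counts, flagged = {}, []
    for line in log.splitlines():
        if not line.strip():
            continue
        verdict, detail = classify(line)
        counts[verdict] = counts.get(verdict, 0) + 1
        if verdict == "review":
            flagged.append(detail)
    return counts, flagged


if __name__ == "__main__":
    counts, flagged = triage(LOG)
    print("verdicts:", counts)
    for item in flagged:
        print("REVIEW:", item)
```

The reverse-lookup bucket is kept separate rather than allowlisted: a PTR query by itself is harmless, but the addresses being resolved are worth a glance, which is why the detail string carries the reconstructed IP instead of the in-addr.arpa name.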