Overview

overview

10

Static

static

3

SilverRAT_Cracked.zip

windows7-x64

10

SilverRAT_Cracked.zip

windows10-1703-x64

7

SilverRAT_Cracked.zip

windows10-2004-x64

1

SilverRAT_Cracked.zip

windows11-21h2-x64

1

Resubmissions

05-12-2023 01:47

231205-b7xmhsgf5v 10

02-12-2023 16:12

231202-tnjknadh2w 7

Analysis

  • max time kernel
    306s
  • max time network
    306s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    05-12-2023 01:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SilverRAT_Cracked.zip

  • Size

    19.9MB

  • MD5

    16ec66ff42a4dc6de8378d24cb6162df

  • SHA1

    0755d6015feb665554a7568246cd1119d90e6007

  • SHA256

    4d8ba52f4b0199bec10b90f156a7f56c87200d94c1bbff2f4c6ba53bea4b51ac

  • SHA512

    5fcd035491bb75039dfdcafd54bc86e7aa524cd88d5a04b13757f23a006ec902f564f08ac59c9bb34cb2a059c09d69058883ea8b1dba622134d48544bc108838

  • SSDEEP

    393216:rO+hpxoY/hFNqfeHJVOUQrSmQoKMn2ruEfxaPHD4dzu1zDrh7txMDKIZ/YnS:rO+zxdprpVOUSTpKDhfsPj7N7tGDDZgS

Score
10/10
agentteslaasyncratkeyloggerratspywarestealertrojan

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • AgentTesla payload 1 IoCs
  • Async RAT payload 2 IoCs
    rat
  • Executes dropped EXE 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\SilverRAT_Cracked.zip
    1⤵
      PID:2424
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:2324
      • C:\Program Files\7-Zip\7zFM.exe
        "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\SilverRAT_Cracked.zip"
        1⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:2888
      • C:\Users\Admin\Desktop\SilverRAT.exe
        "C:\Users\Admin\Desktop\SilverRAT.exe"
        1⤵
        • Executes dropped EXE
        • Enumerates system info in registry
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:2560
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        1⤵
          PID:2204
        • C:\Users\Admin\Desktop\SilverRAT.exe
          "C:\Users\Admin\Desktop\SilverRAT.exe"
          1⤵
          • Executes dropped EXE
          • Enumerates system info in registry
          • Modifies registry class
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of SetWindowsHookEx
          PID:2592
        • C:\Windows\system32\wbem\WmiApSrv.exe
          C:\Windows\system32\wbem\WmiApSrv.exe
          1⤵
            PID:764
          • C:\Windows\SysWOW64\DllHost.exe
            C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
            1⤵
              PID:1664

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\TmpBB34.tmp
              Filesize

              4KB

              MD5

              e1a48ec781542ab4f0d3a3368b2a1d05

              SHA1

              a35670f07e5320a1591a55d903b35dcdd1d224a1

              SHA256

              f41d8818774f3ec0bf936e564f50008b46f5e4060edaab3bd72ffa389fb9ef21

              SHA512

              d3e756d8b321d38962a7b36af617d152e9bfd499b31f1630a24ada435715ad81a29ab73e4ab4aa21bbc9029b4177a943303e7df922bf375c2583607cb6f6566a

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3470981204-343661084-3367201002-1000\993debe3f607df3ce4d4ef291bcf4977_5bdc9f80-eb58-42dc-b2cb-c7f4cc7ae5f6
              Filesize

              3KB

              MD5

              d4057e02d7a73c0f96748def4072d381

              SHA1

              4dcc074df8483904c9340135077da8375031b984

              SHA256

              0e2acb6ecc5e99061ecd6faec400c63d08262b5469eba5e45c1707c2e85232c3

              SHA512

              c36202d64ab45ea17032458551fe212406bcbfc083a27fd3db64a2d00a7234ed2e3e3e42d5ca511696c269090e1ea5281ddac45523b3b0db91aca63bb7a4ec54

              Download Submit

            • C:\Users\Admin\Desktop\Profiles\Monitor.xml
              Filesize

              25B

              MD5

              596ac840f0e04b8056a6107a0eb65346

              SHA1

              d2d009a5caf0a9298d5ef6f6aa936374fe66fc9c

              SHA256

              9a7631592783caf01a542e6c96aa267142b3be39947f8045e5655af9f8017387

              SHA512

              0e87b5e053d48b654e83ad7397f89437251d3173973e48c34c2ecce557d337fff66464d48319693e73786cdaea7337952a38857ce21b257a0ea49ca8cf420bcc

              Download Submit

            • C:\Users\Admin\Desktop\Profiles\Notifcation.xml
              Filesize

              385B

              MD5

              c15dc1ae9b61deba9686750ba7cd1837

              SHA1

              cd358e23062373da5815b2aee6157ace3cc82ac0

              SHA256

              eb3cc1e121bfec51d0d68ed48428e52c57787429a49a0aa18f9bf0a2f21b43eb

              SHA512

              4e8dc2084ec42cd2aeef08eb1f83304de7464d96321ca2793e982aeae1811b85700b63db9076c56db5fa60ceb44f36f74a5d0a3b3c4914f94e8ecdfa56eb3d5c

              Download Submit

            • C:\Users\Admin\Desktop\Profiles\Settings.xml
              Filesize

              497B

              MD5

              682c8d3b15ee9eee7bad14e649fabbe6

              SHA1

              9f7caf28aab0a37118a53a68abb52211e9488bd1

              SHA256

              a938fe117a71d124214206b16a032b817739fcd9ceaa4108e3dc82aac4001b63

              SHA512

              a833847842e6495bfcea6be4d35acd6a93329cd229d18eb6dd28625542957dddfaf928dc7635981e5078b06dfaa351b3839e194207a16c4a763ac956c59142da

              Download Submit

            • C:\Users\Admin\Desktop\Profiles\Settings.xml
              Filesize

              497B

              MD5

              682c8d3b15ee9eee7bad14e649fabbe6

              SHA1

              9f7caf28aab0a37118a53a68abb52211e9488bd1

              SHA256

              a938fe117a71d124214206b16a032b817739fcd9ceaa4108e3dc82aac4001b63

              SHA512

              a833847842e6495bfcea6be4d35acd6a93329cd229d18eb6dd28625542957dddfaf928dc7635981e5078b06dfaa351b3839e194207a16c4a763ac956c59142da

              Download Submit

            • C:\Users\Admin\Desktop\Profiles\Settings.xml
              Filesize

              498B

              MD5

              7105e32f4f78958134ba187d4cc0979f

              SHA1

              e66f97fc9ccb7894c9db76cd74245eed03113c50

              SHA256

              0033ba6a35865198026cead89e8f1164fc154b036fde454ad15881a421b69da3

              SHA512

              735647f3559f204038af69b9275eebb3dbd3429841a2c22836101d0abd95da3903f7135f95b74f82a1f3c43a751045296682baf5280209bcc568322704dc16c1

              Download Submit

            • C:\Users\Admin\Desktop\Profiles\Settings.xml
              Filesize

              498B

              MD5

              b4cc1a8c4b2660480068dd4c40339867

              SHA1

              f2a63e7f04527a16e32f8c9183b417845dcdbb0f

              SHA256

              3d3e94fa1814c3b7b2ccb9abc9136adf7fc49a01a2383d730c8c182f32c7d21a

              SHA512

              863a7fd078e9d74fe612767bc925742567ab4ffbb2cffc6d21d2d9dbc9015341202b28362f45d46e975ece4bf249a4e34e81be85a11b23ca0e7535b5b2a93dad

              Download Submit

            • C:\Users\Admin\Desktop\Profiles\SocketPort.xml
              Filesize

              57B

              MD5

              9851f1c59eddcfd01d468646e54e23ee

              SHA1

              9531f5e37b1412431b8862f846c704fd8cdf9e57

              SHA256

              890dfcd54a23c360bb6bf0773d380bce9903f4980cfe218508538e7a578c2989

              SHA512

              808b354de380f0d9893db5c9b558b33a823beb3eb6b8b951a4d4d54e1ca7d0fe3bfaa92ef4329c4554ca341971d9a5d68dead0896d347d4be5765c27bd434c14

              Download Submit

            • C:\Users\Admin\Desktop\Profiles\SocketPort.xml
              Filesize

              57B

              MD5

              9851f1c59eddcfd01d468646e54e23ee

              SHA1

              9531f5e37b1412431b8862f846c704fd8cdf9e57

              SHA256

              890dfcd54a23c360bb6bf0773d380bce9903f4980cfe218508538e7a578c2989

              SHA512

              808b354de380f0d9893db5c9b558b33a823beb3eb6b8b951a4d4d54e1ca7d0fe3bfaa92ef4329c4554ca341971d9a5d68dead0896d347d4be5765c27bd434c14

              Download Submit

            • C:\Users\Admin\Desktop\Resources\Logo\Bunifu.UI.WinForms.BunifuLabel.photo
              Filesize

              354KB

              MD5

              75095ba0f4bea4e8ef020c6979ee1fd7

              SHA1

              f457cbb43d646a04f9d59207ff77091337217646

              SHA256

              040655fecce4cdc0ac7b28967abcd16590c6650accc43f117d73dcc521c2e388

              SHA512

              430c22d598b874172c7e71fce43219af1c531408eb62841a54cdff6d6919a063a5507f289438da0347bddc03b4420ec401e83bb95aed250a78471d635942f2f7

              Download Submit

            • C:\Users\Admin\Desktop\SilverRAT.exe
              Filesize

              19.9MB

              MD5

              5f7063dedfda5c9d99fed5a824cecaf3

              SHA1

              78810dae4c4e8f2732d9e368e38544ffea0d8484

              SHA256

              a9fa8e14080792b67a12f682a336c0ea9ff463bbcb27955644c6fcaf80023641

              SHA512

              c619d216e4b8db978ffdf3dca10048d582bf0e35fc56b8240b73228363cebb119b19ea14a5a7166f196fc9ea2f11cd1727b8badd077a911e0237d4a3bfa6201a

              Download Submit

            • C:\Users\Admin\Desktop\SilverRAT.exe
              Filesize

              19.9MB

              MD5

              5f7063dedfda5c9d99fed5a824cecaf3

              SHA1

              78810dae4c4e8f2732d9e368e38544ffea0d8484

              SHA256

              a9fa8e14080792b67a12f682a336c0ea9ff463bbcb27955644c6fcaf80023641

              SHA512

              c619d216e4b8db978ffdf3dca10048d582bf0e35fc56b8240b73228363cebb119b19ea14a5a7166f196fc9ea2f11cd1727b8badd077a911e0237d4a3bfa6201a

              Download Submit

            • memory/2560-190-0x0000000009C20000-0x0000000009C42000-memory.dmp

              Filesize

              136KB

              Download

            • memory/2560-208-0x000000000DC00000-0x000000000DC3E000-memory.dmp

              Filesize

              248KB

              Download

            • memory/2560-67-0x0000000008300000-0x0000000008301000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2560-70-0x0000000010000000-0x0000000010005000-memory.dmp

              Filesize

              20KB

              Download

            • memory/2560-71-0x0000000008360000-0x0000000008361000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2560-69-0x0000000008310000-0x0000000008311000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2560-61-0x0000000010000000-0x0000000010005000-memory.dmp

              Filesize

              20KB

              Download

            • memory/2560-73-0x0000000008200000-0x0000000008201000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2560-78-0x0000000010000000-0x0000000010005000-memory.dmp

              Filesize

              20KB

              Download

            • memory/2560-82-0x00000000082F0000-0x00000000082F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2560-83-0x00000000082E0000-0x00000000082E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2560-84-0x00000000082C0000-0x00000000082C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2560-85-0x00000000082A0000-0x00000000082A1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2560-86-0x0000000077830000-0x0000000077831000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2560-75-0x0000000010000000-0x0000000010005000-memory.dmp

              Filesize

              20KB

              Download

            • memory/2560-87-0x0000000005AC0000-0x0000000005B00000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2560-88-0x0000000008DA0000-0x0000000009C5E000-memory.dmp

              Filesize

              14.7MB

              Download

            • memory/2560-89-0x00000000082D0000-0x00000000082D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2560-91-0x0000000008220000-0x0000000008221000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2560-92-0x0000000008230000-0x0000000008231000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2560-94-0x0000000008DA0000-0x0000000009C5E000-memory.dmp

              Filesize

              14.7MB

              Download

            • memory/2560-96-0x0000000008270000-0x0000000008271000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2560-93-0x0000000008260000-0x0000000008261000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2560-98-0x0000000008DA0000-0x0000000009C5E000-memory.dmp

              Filesize

              14.7MB

              Download

            • memory/2560-113-0x0000000008320000-0x0000000008321000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2560-114-0x0000000008330000-0x0000000008331000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2560-115-0x00000000094D0000-0x00000000094DA000-memory.dmp

              Filesize

              40KB

              Download

            • memory/2560-117-0x00000000094D0000-0x00000000094DA000-memory.dmp

              Filesize

              40KB

              Download

            • memory/2560-120-0x00000000094D0000-0x00000000094DA000-memory.dmp

              Filesize

              40KB

              Download

            • memory/2560-123-0x00000000094D0000-0x00000000094DA000-memory.dmp

              Filesize

              40KB

              Download

            • memory/2560-130-0x00000000741B0000-0x0000000074230000-memory.dmp

              Filesize

              512KB

              Download

            • memory/2560-132-0x00000000094E0000-0x00000000094EA000-memory.dmp

              Filesize

              40KB

              Download

            • memory/2560-138-0x0000000005AC0000-0x0000000005B00000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2560-65-0x0000000008240000-0x0000000008241000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2560-192-0x0000000074470000-0x0000000074B5E000-memory.dmp

              Filesize

              6.9MB

              Download

            • memory/2560-194-0x0000000005AC0000-0x0000000005B00000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2560-196-0x0000000005AC0000-0x0000000005B00000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2560-198-0x00000000059A0000-0x0000000005AB7000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/2560-205-0x000000000D330000-0x000000000D526000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/2560-206-0x000000000DD40000-0x000000000DF92000-memory.dmp

              Filesize

              2.3MB

              Download

            • memory/2560-207-0x000000000DF90000-0x000000000E0E6000-memory.dmp

              Filesize

              1.3MB

              Download

            • memory/2560-64-0x0000000010000000-0x0000000010005000-memory.dmp

              Filesize

              20KB

              Download

            • memory/2560-209-0x0000000005AC0000-0x0000000005B00000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2560-210-0x000000000F830000-0x000000000F930000-memory.dmp

              Filesize

              1024KB

              Download

            • memory/2560-211-0x0000000005AC0000-0x0000000005B00000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2560-212-0x00000000082B0000-0x00000000082B1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2560-213-0x0000000008250000-0x0000000008251000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2560-237-0x0000000005AC0000-0x0000000005B00000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2560-239-0x0000000005AC0000-0x0000000005B00000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2560-240-0x0000000005AC0000-0x0000000005B00000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2560-241-0x0000000005AC0000-0x0000000005B00000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2560-242-0x0000000005AC0000-0x0000000005B00000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2560-243-0x0000000005AC0000-0x0000000005B00000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2560-244-0x000000000F830000-0x000000000F930000-memory.dmp

              Filesize

              1024KB

              Download

            • memory/2560-260-0x00000000059A0000-0x0000000005AB7000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/2560-261-0x0000000074470000-0x0000000074B5E000-memory.dmp

              Filesize

              6.9MB

              Download

            • memory/2560-47-0x0000000074470000-0x0000000074B5E000-memory.dmp

              Filesize

              6.9MB

              Download

            • memory/2560-48-0x00000000059A0000-0x0000000005AB7000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/2560-49-0x00000000059A0000-0x0000000005AB7000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/2560-51-0x00000000059A0000-0x0000000005AB7000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/2560-50-0x00000000059A0000-0x0000000005AB7000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/2560-56-0x0000000003260000-0x0000000003261000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2560-63-0x0000000008210000-0x0000000008211000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2592-408-0x00000000018F0000-0x0000000001930000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2592-300-0x0000000008220000-0x0000000008221000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2592-409-0x0000000074440000-0x0000000074B2E000-memory.dmp

              Filesize

              6.9MB

              Download

            • memory/2592-410-0x00000000018F0000-0x0000000001930000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2592-299-0x00000000018F0000-0x0000000001930000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2592-321-0x0000000008320000-0x0000000008321000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2592-345-0x00000000018F0000-0x0000000001930000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2592-407-0x00000000018F0000-0x0000000001930000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2592-263-0x0000000074440000-0x0000000074B2E000-memory.dmp

              Filesize

              6.9MB

              Download

            • memory/2592-297-0x00000000082A0000-0x00000000082A1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2592-302-0x0000000008260000-0x0000000008261000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2592-295-0x00000000082E0000-0x00000000082E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2592-294-0x0000000003370000-0x0000000003371000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2592-293-0x0000000008360000-0x0000000008361000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2592-292-0x0000000008300000-0x0000000008301000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2592-291-0x0000000008240000-0x0000000008241000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2592-265-0x0000000005DB0000-0x0000000005EC7000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/2592-296-0x00000000082C0000-0x00000000082C1000-memory.dmp

              Filesize

              4KB

              Download