Analysis
max time kernel: 447s
max time network: 1172s
platform: windows11-21h2_x64
resource: win11-20240412-en
resource tags: arch:x64, arch:x86, image:win11-20240412-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 13-04-2024 02:05
Behavioral tasks
behavioral1, Sample: Silver Rat/Bunifu.Licensing.dll, Resource: win11-20240412-en
behavioral2, Sample: Silver Rat/Loader.exe, Resource: win11-20240412-en
behavioral3, Sample: Silver Rat/Newtonsoft.Json.dll, Resource: win11-20240412-en
behavioral4, Sample: Silver Rat/Plugins/Camera.dll, Resource: win11-20240412-en
behavioral5, Sample: Silver Rat/Plugins/Chat.dll, Resource: win11-20240412-en
behavioral6, Sample: Silver Rat/Plugins/HApps.dll, Resource: win11-20240412-en
behavioral7, Sample: Silver Rat/Plugins/HBrowser.dll, Resource: win11-20240412-en
behavioral8, Sample: Silver Rat/Plugins/HRDP.dll, Resource: win11-20240412-en
behavioral9, Sample: Silver Rat/Plugins/HVNC.dll, Resource: win11-20240412-en
behavioral10, Sample: Silver Rat/Plugins/Keylogger.dll, Resource: win11-20240412-en
behavioral11, Sample: Silver Rat/Plugins/Manager.dll, Resource: win11-20240412-en
behavioral12, Sample: Silver Rat/Plugins/Options.dll, Resource: win11-20240412-en
behavioral13, Sample: Silver Rat/Plugins/OptionsForm.dll, Resource: win11-20240412-en
behavioral14, Sample: Silver Rat/Plugins/Passwords.dll, Resource: win11-20240412-en
behavioral15, Sample: Silver Rat/Plugins/RAPP.dll, Resource: win11-20240412-en
behavioral16, Sample: Silver Rat/Plugins/RDP.dll, Resource: win11-20240412-en
behavioral17, Sample: Silver Rat/Plugins/Ransom.dll, Resource: win11-20240412-en
behavioral18, Sample: Silver Rat/Plugins/ReverseProxy.dll, Resource: win11-20240412-en
behavioral19, Sample: Silver Rat/Plugins/ScanNET.dll, Resource: win11-20240412-en
behavioral20, Sample: Silver Rat/RestSharp.dll, Resource: win11-20240412-en
behavioral21, Sample: Silver Rat/SilverRat.exe, Resource: win11-20240412-en
behavioral22, Sample: Silver Rat/System.Buffers.dll, Resource: win11-20240412-en
behavioral23, Sample: Silver Rat/System.Collections.Immutable.dll, Resource: win11-20240412-en
behavioral24, Sample: Silver Rat/System.Memory.dll, Resource: win11-20240412-en
behavioral25, Sample: Silver Rat/System.Numerics.Vectors.dll, Resource: win11-20240412-en
behavioral26, Sample: Silver Rat/bouncycastle.crypto.dll, Resource: win11-20240412-en
behavioral27, Sample: Silver Rat/bunifu.ui.winforms.1.5.3.dll, Resource: win11-20240412-en
behavioral28, Sample: Silver Rat/bunifu.ui.winforms.dll, Resource: win11-20240412-en
behavioral29, Sample: Silver Rat/cgeoip.dll, Resource: win11-20240412-en
behavioral30, Sample: Silver Rat/guna.ui2.dll, Resource: win11-20240412-en
behavioral31, Sample: Silver Rat/protobuf-net.core.dll, Resource: win11-20240412-en
behavioral32, Sample: Silver Rat/protobuf-net.dll, Resource: win11-20240412-en
General
Target: Silver Rat/SilverRat.exe
Size: 25.7MB
MD5: f32b6857259b5a94830d087559b5370a
SHA1: a6f79e840ce7c3ab28428cc18d41e4286899b33b
SHA256: 7fbd062f70148d59c94c603191c5cdb4f62d70f2dfaf1ba519ed1af4a0a05d97
SHA512: 4289267c9db4aa92d9a95f8fa97760e0e77c387c2b32419656b7b19f92ebb4356679be9cba3b77fe5e0cb64696c598e761c0bdce64a45bf8652824b77e27cb49
SSDEEP: 786432:HZYRGnGvovVvAuuglekvAR4vzHcv6lHGH9KdDmvQuLGgJMKV+n9n1vgvVv2jlv1R:vk79a5
Malware Config
Signatures
Executes dropped EXE (2 IoCs)
Processes:
  pid   process
  3828  Loader.exe
  404   SilverRat.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Program crash (1 IoCs)
Processes:
  pid   pid_target  process       target process
  2012  404         WerFault.exe  SilverRat.exe

Suspicious use of WriteProcessMemory (6 IoCs)
Processes:
  description                       pid   process        target process
  PID 1544 wrote to memory of 3828  1544  SilverRat.exe  Loader.exe
  PID 1544 wrote to memory of 3828  1544  SilverRat.exe  Loader.exe
  PID 1544 wrote to memory of 3828  1544  SilverRat.exe  Loader.exe
  PID 1544 wrote to memory of 404   1544  SilverRat.exe  SilverRat.exe
  PID 1544 wrote to memory of 404   1544  SilverRat.exe  SilverRat.exe
  PID 1544 wrote to memory of 404   1544  SilverRat.exe  SilverRat.exe
Processes
C:\Users\Admin\AppData\Local\Temp\Silver Rat\SilverRat.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Silver Rat\SilverRat.exe"
  - Suspicious use of WriteProcessMemory
  PID: 1544

    C:\Users\Admin\AppData\Local\Temp\Loader.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\Loader.exe"
      - Executes dropped EXE
      PID: 3828

    C:\Users\Admin\AppData\Local\Temp\SilverRat.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\SilverRat.exe"
      - Executes dropped EXE
      PID: 404

        C:\Windows\SysWOW64\WerFault.exe
          Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 904
          - Program crash
          PID: 2012

C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 404 -ip 404
  PID: 3036
Network
MITRE ATT&CK Enterprise v15
Downloads