Behavioral task
behavioral1
Sample
Sliver 5.exe
Resource
win11-20240508-en
General
-
Target
Sliver 5.exe
-
Size
26KB
-
MD5
abd39ef226be8e578acac90675358e4f
-
SHA1
d2c4f530dfa178fcf2996fdf2d6d8c0e446054db
-
SHA256
ccb9d3a7cc935f66464aa88d4358cbd13bef0826349107d25a91950dd933174c
-
SHA512
2a68ca7049943eef8e1daad62f988607e20427fb166548bc8358c528cfec0c5cc1a1c7bfdaf98934887ca93881d9315cb1d87b2e89e1c9f98fa554904f829bf8
-
SSDEEP
384:608VP28hobaQaUMOD8kB5bgkt4yW7XPcLtPbv6nmkbfJPBfwawUZaL+3jb0quH:Dtamft+P0lSnrfJPUUZVe
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource yara_rule sample agile_net -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource Sliver 5.exe
Files
-
Sliver 5.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ