Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://cdn.discorda...

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://cdn.discordapp.com/attachments/1268313369623007305/1268315150658703484/self_extracting_PC-4C4C4544-0034-3710-8058-CAC04F59344A.exe?ex=66abfa08&is=66aaa888&hm=0141752d6bddb0c20bbe01f932ee48771bfb0206e2418b6fd5b4d682366862b0&

  • Sample

    240731-z2plqatcqk

Score
10/10
sliverbackdoordefense_evasiondiscoveryexecutiontrojan

Malware Config

Targets

    • Target

      https://cdn.discordapp.com/attachments/1268313369623007305/1268315150658703484/self_extracting_PC-4C4C4544-0034-3710-8058-CAC04F59344A.exe?ex=66abfa08&is=66aaa888&hm=0141752d6bddb0c20bbe01f932ee48771bfb0206e2418b6fd5b4d682366862b0&

    Score
    10/10
    sliverbackdoordefense_evasiondiscoveryexecutiontrojan

    • Sliver RAT v2

    • SliverRAT

      SliverRAT is an open source Adversary Emulation Framework.

      trojanbackdoorsliver

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Indirect Command Execution

      Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

      defense_evasion
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks