General
-
Target
SilverBullet.1.4.1.Pro.rar
-
Size
230.9MB
-
Sample
240809-je4jcsxgrl
-
MD5
f73c39df8a1c5c4677d2e9f0851b7634
-
SHA1
c21efbbc4c4e9ea5e48f4f78466ba5b913a1de90
-
SHA256
4733635d70177010904bcbd932f96a2a86fa4cf8551fd9c933e6b4e990263b18
-
SHA512
5cc2e4f796a8cfeede1ad85d450f154f7c2fa5613185c0cd44610e092baee6dd32ffc409253162ea1b36bf67c350ca8f34af01a8e53b8bd4e18f2075f769f402
-
SSDEEP
6291456:6E++BVqH9nMaArtALMhkGPx9ohEE140VbhMDyv:6EBBVqH9gtPxx9OVdhhayv
Behavioral task
behavioral1
Sample
SilverBullet 1.4.1 [Pro]/SilverBulletPro.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
SilverBullet 1.4.1 [Pro]/SilverBulletPro.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
SilverBullet 1.4.1 [Pro]/SilverBulletPro.exe
-
Size
582KB
-
MD5
7792204600db976484caa3992b121b30
-
SHA1
9b343f3c67b13d9632ed862ee010a2aff0c6810c
-
SHA256
a1a301d6a034b7a656b955d18191cd817f255a918d92994678728a5b1b0367e8
-
SHA512
bd711debe936b21130dfdd273a117cb0c5d31bfc972dbe89827546c4210d6b19aaf6ce287ff502112c9796be07300147079f29ef334fdd1691dfded0e9f98920
-
SSDEEP
12288:Qtzww69TdCahIRMJuAfki/U7vsBqpq/S1Q:owNTd16M0/i/U7vqqpU
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2