Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
SilverClient.exe
-
Size
43KB
-
Sample
240903-xy8t3swara
-
MD5
16edc9184a4f2e4c18200304594d43d9
-
SHA1
9328f1016cf247a13b110d6ece2826ba4ad5a8cf
-
SHA256
be652d4e5771a47651e037776bbd47e90d3ab7de28e61e3c86abfc4b76c813dd
-
SHA512
196f4c9b55d2883b4c7364aca90741a9e606952e2c798b2c4075a661768dab274b5b6683280404ff31eed98a11003991c67f7af4d61cf48dd131e7365a3cf74d
-
SSDEEP
768:UsvI7cIxr7BcD1wjWxYQ4xJNHVR8kq/5h34vCvZPxaxP4RULQv9S6HPz1QB6Si/o:UsvwcIxrgwkbcrq/5xcl4Gsv9j71QoJg
Malware Config
Targets
-
-
Target
SilverClient.exe
-
Size
43KB
-
MD5
16edc9184a4f2e4c18200304594d43d9
-
SHA1
9328f1016cf247a13b110d6ece2826ba4ad5a8cf
-
SHA256
be652d4e5771a47651e037776bbd47e90d3ab7de28e61e3c86abfc4b76c813dd
-
SHA512
196f4c9b55d2883b4c7364aca90741a9e606952e2c798b2c4075a661768dab274b5b6683280404ff31eed98a11003991c67f7af4d61cf48dd131e7365a3cf74d
-
SSDEEP
768:UsvI7cIxr7BcD1wjWxYQ4xJNHVR8kq/5h34vCvZPxaxP4RULQv9S6HPz1QB6Si/o:UsvwcIxrgwkbcrq/5xcl4Gsv9j71QoJg
Score8/10-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1