sliver | download[.]sus | Triage

Sharing

General

Target

download.sus
Size

8.7MB
MD5

569589550c2818e100b926ca6134e896
SHA1

b175e637fd9239505ca7f317730a25e394680d49
SHA256

9388d2c8efe1b0754a8b3996885e57fef55bede6befbacfc0787590b4d5fb41e
SHA512

1be62d96e2e1b7790739cd5dd453f80a5e3eb34aea79961424eac32cd063295abde9d2c372548b44f6e593058ca75028e2a750cd00122a60b7f651217588c6b5
SSDEEP

49152:WirFVQv0q86rb/T/vO90d7HjmAFd4A64nsfJHIBVJumGS8127SUQ3GysbjHrGY3c:q8MBDe0L3YLVXvEPTOPDB

Score

10^/10

sliver

Malware Config

Signatures

Sliver RAT v2 1 IoCs

resource	yara_rule
sample	SliverRAT_v2

Sliver family
sliver

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
download.sus

Files

download.sus
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 299KB - Virtual size: 714KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ