General

  • Target

    Silver Rat [Re Lab].7z

  • Size

    10.6MB

  • Sample

    240927-b9vwpssapa

  • MD5

    f06813aa321c43a69a04904cfa735a44

  • SHA1

    820a0f9f4c00af6ce2583218019ad14a5c5592e2

  • SHA256

    a384bad25740a4b783eaadd6ade53d96e878e1313c34321ddfb23149fbf6366d

  • SHA512

    72551e22ba2db4759ad905f92f407f7e8266e363aa8627a56d8bcaea83a69a96466269358a034e626581f24c2417fa98bb0bb57472f96c2ea39b2708edaa5bb8

  • SSDEEP

    196608:vGbH8yKZWDv2mzFaZ9+j0PlI6obvU/Y0NK6HLlzcurSGBZ+pbJ:vGTiMLNaLIulI6z/YGJHp76P

Score
7/10

Targets

    • Target

      Silver Rat [Re Lab].7z

    • Size

      10.6MB

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Drops file in System32 directory

    • Target

      Silver Rat [Re Lab]/SilverRat.exe

    • Size

      25.2MB

    • MD5

      d6527f7d5f5152c3f5fff6786e5c1606

    • SHA1

      e8da82b4a3d2b6bee04236162e5e46e636310ec6

    • SHA256

      79a4605d24d32f992d8e144202e980bb6b52bf8c9925b1498a1da59e50ac51f9

    • SHA512

      2b4eb9e66028d263c52b3da42fa3df256cf49cd7a7ebdf7c75da6a2dedfd2c22cb5f2071345b7016cd742539c74a801cad70c612330be79802fa19f860ea2d5f

    • SSDEEP

      786432:SZYRGnGvovVvAuuglekvAR4vzHcv6lHGH9KdDmvQuLGgJMKV+n9n1vgvVv2jlv1S:Ik79a

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.
