sliver | 5dc8b08c7e1b11abf2b6b311cd7e411db16a7c3827879c6f93bd0dac7a71d321 | Triage

Sharing

General

Target

5dc8b08c7e1b11abf2b6b311cd7e411db16a7c3827879c6f93bd0dac7a71d321
Size

43.1MB
Sample

240930-pptpssvglm
MD5

dbf5f56998705c37076b6cae5d0bfb4d
SHA1

e6ab3c595ac703afd94618d1ca1b8ebce623b21f
SHA256

5dc8b08c7e1b11abf2b6b311cd7e411db16a7c3827879c6f93bd0dac7a71d321
SHA512

ea13ef92249c731b6c08d5848a738301b19549c376a0d8cadee91ec71ed7072af0989db309895fc398a874b75fa0e3540fd5da0bcc8fbbbc59dd3a938968b9ba
SSDEEP

786432:YXPO37kcKF2LCUU7sIUT3ME0vkLpYOVdFVaglFpfTUMixExMOGwXcD7:fLkcKF24sBT3L0vkLGgLVaglDYKMOdXO

Score

10^/10

sliver backdoor discovery trojan

Malware Config

Targets

- Target
  
  printsupport/windowsprintersupport.dll
- Size
  
  50KB
- MD5
  
  1184f4fb8efae468729c62787c9ed80b
- SHA1
  
  a06e3f759dc4bee0b9badeb7a5a67dfeebbf141f
- SHA256
  
  c075c95d5153de4005f0e6804eb4f783886d10b683712ed00ef09a6629d6917a
- SHA512
  
  2ef35e76f950218f3fabb3f53244366cc7de6d61ba090f3c312eea8b7457b239daae65d05fe3a0bd2a7236afc4eb0434aec7f8042e0c5db1d118fe0e11e04f53
- SSDEEP
  
  1536:Rjw/NzbbQqgujx+DUcde+Q/Zj1VyZbueH3hfa:RjH4ude+QRj1VyZbue1a
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  python311.dll
- Size
  
  42.5MB
- MD5
  
  e20fc97e364e859a2fb58d66bc2a1d05
- SHA1
  
  f5f56413f81e8f4a941f53e42a90ba1720823f15
- SHA256
  
  9514035fea8000a664799e369ae6d3af6abfe8e5cda23cdafbede83051692e63
- SHA512
  
  8bc7913828e4baa5d210ea92f007e1b7392ca5d08300249537658506269c684ca6c9219f44c4c75dde33254a8cd3ad19135beb947507b34b5e451739271d4aca
- SSDEEP
  
  786432:XOj3kgW9W7GCWrUcmNDyEqPUV5agHLTNwEVHJzNUe65srAISE:+DkgW9WoUzND5qPUVkWPNwEVp2QAIR
Score

1^/10
behavioral3 behavioral4
- Target
  
  python311x.dll
- Size
  
  5.5MB
- MD5
  
  e2bd5ae53427f193b42d64b8e9bf1943
- SHA1
  
  7c317aad8e2b24c08d3b8b3fba16dd537411727f
- SHA256
  
  c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400
- SHA512
  
  ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036
- SSDEEP
  
  98304:AtcGVQE2EKmLX3N1fn/q+VHzMzDPFE+syIqPzlJ0:AtcGVQE2XmLX3ffGzJENyIqH0
Score

1^/10
behavioral5 behavioral6
- Target
  
  setup.exe
- Size
  
  99KB
- MD5
  
  9f12ba143f629152084c17c9cb9dc148
- SHA1
  
  ff1d704ff11695ab49074c45f05542b32ca00b9e
- SHA256
  
  24385d352b83222dc5ab92fa57b6649854ecd74de378e279d8ac20a0b3b16009
- SHA512
  
  421252c50737b3bc07f43cbcab9f34e6895d28c45027086142cb34101df6772c90aec9cc5b2d2695408c62f409bdc69260c68f7656745bb92659a6f0947c5e4d
- SSDEEP
  
  1536:IqRuhIxHHWMpdPa5wiE21M8kJIGFvb1Cwn/z5sz7SyUPx9c:IqYSwMpdCq/IM8uIGfV/z5szqx9c
Score

10^/10

sliver backdoor discovery trojan
- Sliver RAT v2
- SliverRAT
  SliverRAT is an open source Adversary Emulation Framework.
  trojan backdoor sliver
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7 behavioral8
- Target
  
  vcruntime140.dll
- Size
  
  78KB
- MD5
  
  1b171f9a428c44acf85f89989007c328
- SHA1
  
  6f25a874d6cbf8158cb7c491dcedaa81ceaebbae
- SHA256
  
  9d02e952396bdff3abfe5654e07b7a713c84268a225e11ed9a3bf338ed1e424c
- SHA512
  
  99a06770eea07f36abc4ae0cecb2ae13c3acb362b38b731c3baed045bf76ea6b61efe4089cd2efac27701e9443388322365bdb039cd388987b24d4a43c973bd1
- SSDEEP
  
  1536:l9j/j2886xv555et/MCsjw0BuRK3jteopUecbAdz86B+JfBL+eNv:l9j/j28V55At/zqw+IqLUecbAdz8lJrv
Score

3^/10

discovery
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

sliverbackdoordiscoverytrojan

behavioral9

behavioral10