Overview (score 10)
Static (score 10)

Behavioral tasks (score per task, recovered from the report's tab bar):
SilverBulletPro.exe        windows7-x64        7
SilverBulletPro.exe        windows10-2004-x64  8
errorlog.exe               windows7-x64        1
errorlog.exe               windows10-2004-x64  1
host.exe                   windows7-x64        7
host.exe                   windows10-2004-x64  8
x64/expections.exe         windows7-x64        7
x64/expections.exe         windows10-2004-x64  8
x64/leptonica-1.82.0.dll   windows7-x64        1
x64/leptonica-1.82.0.dll   windows10-2004-x64  1
x64/runtime.exe            windows7-x64        7
x64/runtime.exe            windows10-2004-x64  7
x64/tesseract53.dll        windows7-x64        1
x64/tesseract53.dll        windows10-2004-x64  1

General
- Target: SilverBullet 1.4.1 [Pro].zip
- Size: 42.3MB
- Sample: 241004-n13amssdpp
- MD5: 919770fb7387818cf80cb79bb53bbb0c
- SHA1: fd8c22185f28d6585225295884cb1495dad44cdd
- SHA256: cf44f5c1dc5bfccb23436149f3de5f4292fc141a9ec7f5349c5e31b2b483c176
- SHA512: 263081395c4239c5a6aeaae6903d97d7675e6d4875069d128b842074575e906cf255fb3394420b99a75243e70d4bbf35123801f4b26be29acaaaa74d27e4bcfb
- SSDEEP: 786432:wTSVngzDC5rtFu4gUTg0NzoGQPTO1MJTKT9uoq7NbqklvyaoAH1Gftmmo0:LceFu32OPa1LqZmklq2oZ
Behavioral tasks (task, sample, resource):
behavioral1   SilverBulletPro.exe        win7-20240903-en
behavioral2   SilverBulletPro.exe        win10v2004-20240802-en
behavioral3   errorlog.exe               win7-20240903-en
behavioral4   errorlog.exe               win10v2004-20240802-en
behavioral5   host.exe                   win7-20240903-en
behavioral6   host.exe                   win10v2004-20240802-en
behavioral7   x64/expections.exe         win7-20240704-en
behavioral8   x64/expections.exe         win10v2004-20240802-en
behavioral9   x64/leptonica-1.82.0.dll   win7-20240903-en
behavioral10  x64/leptonica-1.82.0.dll   win10v2004-20240802-en
behavioral11  x64/runtime.exe            win7-20240708-en
behavioral12  x64/runtime.exe            win10v2004-20240802-en
behavioral13  x64/tesseract53.dll        win7-20240903-en
behavioral14  x64/tesseract53.dll        win10v2004-20240802-en
Malware Config

Targets
- Target: SilverBulletPro.exe
- Size: 582KB
- MD5: 7792204600db976484caa3992b121b30
- SHA1: 9b343f3c67b13d9632ed862ee010a2aff0c6810c
- SHA256: a1a301d6a034b7a656b955d18191cd817f255a918d92994678728a5b1b0367e8
- SHA512: bd711debe936b21130dfdd273a117cb0c5d31bfc972dbe89827546c4210d6b19aaf6ce287ff502112c9796be07300147079f29ef334fdd1691dfded0e9f98920
- SSDEEP: 12288:Qtzww69TdCahIRMJuAfki/U7vsBqpq/S1Q:owNTd16M0/i/U7vqqpU

Signatures:
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Clipboard Data: adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation: adversaries may obfuscate content during command execution to impede detection.
- Enumerates processes with tasklist

- Target: errorlog.exe
- Size: 613KB
- MD5: ab216b4212f3f27e41b26259a830c777
- SHA1: e2550a35cf1e4f6f08e28c43a6437fad6cc60711
- SHA256: 62ef275d396e894861167bd16ffa5fa78773f698447b51315ad84c9c5ff1f0d6
- SHA512: d9b20fa1e0714232b9ad6683951991da3da98c294f8e62b441557b062229bd0a19e127a8e071a30b4033932bb400a4853f7866e3774f134f50538b95b5535bb6
- SSDEEP: 12288:hDToXd0Y8NahIRMJuAfki/U7vsBqpq/S1:xoz8A6M0/i/U7vqqp
- Score: 1/10

- Target: host.exe
- Size: 6.9MB
- MD5: 906e8cc6ac10240f8eeae1638a610575
- SHA1: e13f28d6c04107f533dff9583cc65464263292de
- SHA256: 3758473eb45e5d8b24d6c2a36d65b10a71652a2accd7ce6fba916b24e754a77e
- SHA512: 2a73ea78a0bab159ba952af5223d573afc1ef683813cda6b7d4e6a5f53b5f2f40447b3b9e25cd31f4b7139fd3be8343041153b874d7cb37fcd4e77bcec3d91fa
- SSDEEP: 98304:lRmDjWM8JEE1rdAamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeR8YKJJcGhEIK:l00NBeNTfm/pf+xk4dWR8trbWOjgs+P

Signatures:
- Command and Scripting Interpreter: PowerShell: runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Clipboard Data: adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation: adversaries may obfuscate content during command execution to impede detection.
- Enumerates processes with tasklist

- Target: x64/expections.exe
- Size: 49.1MB
- MD5: e31a089b094ea6538148195df6ca7673
- SHA1: 9c6b3139d64f45907dc4cb51fdd1dc0347842f93
- SHA256: 2f209ea2d5c80892a323bd77a301de210026fb6d0d4bac2ea680f57830095d91
- SHA512: 0ae70e86ce8d5864ea6da33334343133a7bf13da2be4c19dc19ed2120d8fc0e94029d671ce9be56866c6b47d64e72ddce98ae089d0f085784a862b9523f48ec9
- SSDEEP: 393216:VMh9Sl6eQnIhATeD+C/pW/cRhuX9BVeZW2pRR5uH6+:M9kQI+qD+C/pWsuX/eZ4a

Signatures:
- Clipboard Data: adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

- Target: x64/leptonica-1.82.0.dll
- Size: 3.9MB
- MD5: 497e0275a17d6524542fd4191bbadeea
- SHA1: c7cc2a6f38391680bffa67588829802efef4c7d4
- SHA256: a477273302efc8ad7f82fc3c0d33f54626a26a66e933d03699cd921aa35ff012
- SHA512: 91876dbd7cd42c7fa740d508d6fb7ad0d31bde6524fe4d474d3662ddf4bcab2742d8c27482a6b6c220f3bc7d10189f91b0ce6711723adf753f788fd705636749
- SSDEEP: 49152:mswZaNhoxIIoJ2YQ8km8I72iHWj1nbH8n2akRhd0VtXOBxYd5NNNT/Q8mI7G2U5W:ph8p1bHAuYd/NNTJ
- Score: 1/10

- Target: x64/runtime.exe
- Size: 13.2MB
- MD5: a4fd5040db03f0c04306ab7824320269
- SHA1: 32a4e4f1c7d0c0fe1be81bddecafeb2303a8227b
- SHA256: 52c7c34bcc42c907a275f706cde7c03eab24287f3aec081f0bd88780de131e7c
- SHA512: ca00c6c4cbd5dab079ce204f9adabba1c748869d79a172bdf8aa434aa97de4c3627273208ecd970159eae432e5e3bf69e7e860a9cae07e5a7918c98cd1d0e9c2
- SSDEEP: 393216:AIEkZgf8iq1+TtIiFGvvB5IjWqn6eCz1lypRXiWCoaa:rRbiq1QtIZX3ILn6esyaVoaa
- Score: 7/10

Signatures:
- Drops startup file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist

- Target: x64/tesseract53.dll
- Size: 2.6MB
- MD5: 273038c2b425b6b089a172efca63e128
- SHA1: 288fe02355f1da5102645f7743ebd9934ea6871f
- SHA256: bd5444629d4bbe297c3bde98efbc9c0ffe8eb2660a0b051d44841b7fd2430a39
- SHA512: 9f34bafaa997394f835671b365b526a6dae666e1d09d03bc6342671eee1b16ffe97036799cefb7d9e040042ae4c0ff813296480937d6c3fd43e7e0fda99e1f27
- SSDEEP: 49152:4sqZW+PFy5JRo1NFtzVnqwnC1bGnlVl//vV9qdx20FH6dk6UV+:tcDZjAKntgZz6UV
- Score: 1/10

MITRE ATT&CK Enterprise v15 (technique, number of matching signatures)
Defense Evasion
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Obfuscated Files or Information (1)
  - Command Obfuscation (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (3)
  - Credentials In Files (3)