sliver | 2024-10-08_bc42f51237fd41c10d45354a0490f64d_poet-rat_sliver_snatch | Triage

Sharing

General

Target

2024-10-08_bc42f51237fd41c10d45354a0490f64d_poet-rat_sliver_snatch
Size

15.0MB
MD5

bc42f51237fd41c10d45354a0490f64d
SHA1

60c5d7a1ba35e47584c8075c9ca5f502fe3c21e7
SHA256

c9350b074dd4de8abb4db03b4dede4d1590a713638bdc46bb23107642cf9c231
SHA512

d94998a6d31adcbf268ffb42c1ae088df4ccfdf87bd4bd1365e5a715ea4c64c8b106129b0b795ea5c7cca6f1124cbb2382a2618353b9035f2e0f634841c4d8b5
SSDEEP

98304:/Nl3YEaX6mn353TfsbHCTrwjhyURRC2zlc+Ehv/0yjEStnLW7lCL:/YE03NTiM8jAURRC2zlc+Ehv/0ywSvL

Score

10^/10

sliver

Malware Config

Signatures

Sliver RAT v2 1 IoCs

Processes:

resource	yara_rule
sample	SliverRAT_v2

Sliver family
sliver

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-10-08_bc42f51237fd41c10d45354a0490f64d_poet-rat_sliver_snatch

Files

2024-10-08_bc42f51237fd41c10d45354a0490f64d_poet-rat_sliver_snatch
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 9.1MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 260KB - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ