Malware Analysis Report

2024-11-13 13:23

Sample ID 241106-n4kvrsynev
Target stager.woff.elf
SHA256 e804e13c4e8295ffd1068b2e29c1d991090997f695c74438c067cc2dc290e6ea
Tags
sliver discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e804e13c4e8295ffd1068b2e29c1d991090997f695c74438c067cc2dc290e6ea

Threat Level: Known bad

The file stager.woff.elf was found to be: Known bad.

Malicious Activity Summary

sliver discovery

Sliver RAT v2

Sliver family

Enumerates kernel/hardware configuration

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-06 11:57

Signatures

Sliver RAT v2

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Sliver family

sliver

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-06 11:57

Reported

2024-11-06 11:59

Platform

ubuntu2204-amd64-20240522.1-en

Max time kernel

148s

Max time network

150s

Command Line

[/tmp/stager.woff.elf]

Signatures

Enumerates kernel/hardware configuration

discovery
Description              Indicator                                           Process               Target
File opened for reading  /sys/kernel/mm/transparent_hugepage/hpage_pmd_size  /tmp/stager.woff.elf  N/A

Processes

/tmp/stager.woff.elf

[/tmp/stager.woff.elf]

Network

Country  Destination         Domain         Proto
N/A      224.0.0.251:5353                   udp
RO       185.247.224.8:5546                 tcp
RO       185.247.224.8:5546  185.247.224.8  tcp
RO       185.247.224.8:5546  185.247.224.8  tcp

Files

N/A