Malware Analysis Report

2024-11-13 13:23

Sample ID 241107-dy66pswrhj
Target e804e13c4e8295ffd1068b2e29c1d991090997f695c74438c067cc2dc290e6ea.elf
SHA256 e804e13c4e8295ffd1068b2e29c1d991090997f695c74438c067cc2dc290e6ea
Tags: sliver, discovery
Score: 10/10

Table of Contents

Analysis Overview
    MITRE ATT&CK
        Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: e804e13c4e8295ffd1068b2e29c1d991090997f695c74438c067cc2dc290e6ea

Threat Level: Known bad

The file e804e13c4e8295ffd1068b2e29c1d991090997f695c74438c067cc2dc290e6ea.elf was found to be: Known bad.

Malicious Activity Summary

sliver discovery

Sliver RAT v2

Sliver family

Enumerates kernel/hardware configuration

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-07 03:26

Signatures

Sliver RAT v2

Description    Indicator    Process    Target
N/A            N/A          N/A        N/A

Sliver family

sliver

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-07 03:26

Reported: 2024-11-07 03:28

Platform: ubuntu2204-amd64-20240611-en

Max time kernel: 137s

Max time network: 138s

Command Line

[/tmp/e804e13c4e8295ffd1068b2e29c1d991090997f695c74438c067cc2dc290e6ea.elf]

Signatures

Enumerates kernel/hardware configuration

discovery
Description                Indicator                                            Process                                                                                Target
File opened for reading    /sys/kernel/mm/transparent_hugepage/hpage_pmd_size   /tmp/e804e13c4e8295ffd1068b2e29c1d991090997f695c74438c067cc2dc290e6ea.elf   N/A

Processes

/tmp/e804e13c4e8295ffd1068b2e29c1d991090997f695c74438c067cc2dc290e6ea.elf

[/tmp/e804e13c4e8295ffd1068b2e29c1d991090997f695c74438c067cc2dc290e6ea.elf]

Network

Country    Destination           Domain    Proto
N/A        224.0.0.251:5353                udp
RO         185.247.224.8:5546              tcp
RO         185.247.224.8:5546              tcp
RO         185.247.224.8:5546              tcp
RO         185.247.224.8:5546              tcp
RO         185.247.224.8:5546              tcp
RO         185.247.224.8:5546              tcp

Files

N/A