sliver | 311b845f45e0a066fbebcc3b75fe94cdcd2c4578634345f254b93f9c3dfc48b2 | Triage

Submit
Reports

Overview

overview

Static

static

8

311b845f45...b2.xls

windows7-x64

311b845f45...b2.xls

windows10-2004-x64

Sharing

General

Target

311b845f45e0a066fbebcc3b75fe94cdcd2c4578634345f254b93f9c3dfc48b2
Size

46KB
Sample

241111-1sx26swpex
MD5

7fd89567643fb7500b272127984b7e80
SHA1

7b3eb36264ad0907f9a7bb9368ef8be69bb00d98
SHA256

311b845f45e0a066fbebcc3b75fe94cdcd2c4578634345f254b93f9c3dfc48b2
SHA512

f476903b4259b29ee5f36adc1f425cc105f3080373409a0d19b9558d827dbb9d747023ecd2b1afe8304e3ca043b921143a89bca8a61914e8e26ab6b83edccf4b
SSDEEP

768:04SFsv66g3KnF439NKC54kkGfn+cL2XdA8YRtukODXwXqt7sNAQYzKEm8ZRu9Uzp:vSFsv66g3KnF439NKC54kkGfn+cL2Xd+

Score

10^/10

sliver backdoor discovery execution macro macro_on_action trojan

Static task

static1

macro macro_on_action

1 signatures

Behavioral task

behavioral1

Sample

311b845f45e0a066fbebcc3b75fe94cdcd2c4578634345f254b93f9c3dfc48b2.xls

Resource

win7-20240729-en

sliver backdoor discovery execution trojan

windows7-x64

14 signatures

60 seconds

Behavioral task

behavioral2

Sample

311b845f45e0a066fbebcc3b75fe94cdcd2c4578634345f254b93f9c3dfc48b2.xls

Resource

win10v2004-20241007-en

sliver backdoor execution trojan

windows10-2004-x64

13 signatures

60 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://194.182.164.149:8080/fontawesome.woff

Targets

- Target
  
  311b845f45e0a066fbebcc3b75fe94cdcd2c4578634345f254b93f9c3dfc48b2
- Size
  
  46KB
- MD5
  
  7fd89567643fb7500b272127984b7e80
- SHA1
  
  7b3eb36264ad0907f9a7bb9368ef8be69bb00d98
- SHA256
  
  311b845f45e0a066fbebcc3b75fe94cdcd2c4578634345f254b93f9c3dfc48b2
- SHA512
  
  f476903b4259b29ee5f36adc1f425cc105f3080373409a0d19b9558d827dbb9d747023ecd2b1afe8304e3ca043b921143a89bca8a61914e8e26ab6b83edccf4b
- SSDEEP
  
  768:04SFsv66g3KnF439NKC54kkGfn+cL2XdA8YRtukODXwXqt7sNAQYzKEm8ZRu9Uzp:vSFsv66g3KnF439NKC54kkGfn+cL2Xd+
Score

10^/10

sliver backdoor discovery execution trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Sliver RAT v2
- Sliver family
  sliver
- SliverRAT
  SliverRAT is an open source Adversary Emulation Framework.
  trojan backdoor sliver
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

sliverbackdoordiscoveryexecutiontrojan

behavioral2

sliverbackdoorexecutiontrojan

© 2018-2024

Terms | Privacy