sliver | hxxps://transfer[.]sapo[.]pt/downloads/59a7a12a-f30c-47ba-b9cd-5c16377db4aa/sapotransfer-62781136816c1O8/

General

Target

https://transfer.sapo.pt/downloads/59a7a12a-f30c-47ba-b9cd-5c16377db4aa/sapotransfer-62781136816c1O8/
Sample

241125-wv78pszkew

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://0day.works/a

Targets

- Target
  
  https://transfer.sapo.pt/downloads/59a7a12a-f30c-47ba-b9cd-5c16377db4aa/sapotransfer-62781136816c1O8/
Score

10^/10

sliver backdoor discovery phishing trojan
- Sliver RAT v2
- Sliver family
  sliver
- SliverRAT
  SliverRAT is an open source Adversary Emulation Framework.
  trojan backdoor sliver
- Blocklisted process makes network request
- Downloads MZ/PE file
- A potential corporate email address has been identified in the URL: currency-file@1
  phishing
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Sliver RAT v2

Sliver family

SliverRAT

Blocklisted process makes network request

Downloads MZ/PE file

A potential corporate email address has been identified in the URL: currency-file@1

Checks computer location settings

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

urlscan1

behavioral1