Overview

overview

10

Static

static

1

CC_scan.pdf.lnk

windows7-x64

10

CC_scan.pdf.lnk

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b27e630de32d92a29ae13298858e107c7f6d59dc5a16e27027f99c9fd5ff1a63.zip

  • Size

    792B

  • Sample

    241129-eftnbszjgq

  • MD5

    289254a51c29d1a33a79580f1f81c46d

  • SHA1

    0e1e0d11d8510717b2cd00e23f2fb84dee0a1696

  • SHA256

    b27e630de32d92a29ae13298858e107c7f6d59dc5a16e27027f99c9fd5ff1a63

  • SHA512

    a74144b70ae7aa52481f7c6af29d17e439413014c07b8a58bb4532f1564db96b258f121b32afe1bbda2572e902eda192d44a3e647af4192d054a32d79b08969b

Score
10/10
sliverbackdoortrojan

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

https://0day.works/a

Targets

    • Target

      CC_scan.pdf.lnk

    • Size

      1KB

    • MD5

      95bfcc2eac48c76681aa2d97a5674201

    • SHA1

      f72d50b2bba6e479ec106ae2f6fe993ab6eef99a

    • SHA256

      f35bc7fcf73829f246b7c900600d04ceb38812f5407970daa1c5dfe1954ff478

    • SHA512

      952485dbd0096257ab62ef2fa684d1333fa1e495ad29d8e7a8aaa41d6b316abb48ca5ad2c1b704db7e5bc346a8350039a059c7d5ad323b072ecd3911ac4c5925

    Score
    10/10
    sliverbackdoortrojan

    • Sliver RAT v2

    • Sliver family

      sliver

    • SliverRAT

      SliverRAT is an open source Adversary Emulation Framework.

      trojanbackdoorsliver

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks