General

  • Target

    ConfigurationDetector.zip

  • Size

    4.2MB

  • Sample

    241203-1thnwawmfy

  • MD5

    3c4e343282bf2dc0a20442d4f29a1a29

  • SHA1

    94214e65c596dafbd090666891c2026ec1c7c9e5

  • SHA256

    8dbf836097cbd346ece1fca7481a5654ce8d61c67f594d5b944d380ff553c97d

  • SHA512

    49897d2d99a9bd6243f00821d9cc561c1acb32e0596d02f9f9e973f98c5345768d77c84033d50f0cd2d49e747610e885d359990f35ceeb20ea4ac5954820bed0

  • SSDEEP

    98304:0ur4m+zIHbrLLVlXCr7Xgcefm0WLtNAnKOtPhOQi0htnQN+Mc:zJomHug2sXrd

Malware Config

Targets

    • Sliver RAT v2

    • Sliver family

    • SliverRAT

      SliverRAT is an open-source adversary emulation framework.

    • Path Permission

      Adversaries may modify directory permissions/attributes to evade access control lists (ACLs) and access protected files.

    • Exfiltration Over Alternative Protocol

      Adversaries may steal data by exfiltrating it over an unencrypted network protocol other than that of the existing command and control channel.

    • Gatekeeper Bypass

      Adversaries may modify file attributes and subvert Gatekeeper functionality to evade user prompts and execute untrusted programs. Gatekeeper is a set of technologies that act as a layer of Apple's security model to ensure only trusted applications are executed on a host.

    • File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (e.g., Ingress Tool Transfer) may leave traces that indicate what was done within a network and how. Removal of these files can occur.

MITRE ATT&CK Enterprise v15

Tasks