sliver | 2024-12-26_c13fdc0c618f4d882b4edadfe42ff8a6_frostygoop_luca-stealer_poet-rat_sliver_snatch | Triage

Sharing

General

Target

2024-12-26_c13fdc0c618f4d882b4edadfe42ff8a6_frostygoop_luca-stealer_poet-rat_sliver_snatch
Size

10.3MB
MD5

c13fdc0c618f4d882b4edadfe42ff8a6
SHA1

2aa61eb134e3b87a164074f929552336e3b89cfd
SHA256

0559656273e90206e9aa999426639ec06d8f355a45de17b9f7441c958fe1c486
SHA512

84ca42a303faf0a33e8b698ffdf24931c06f9327ce1a8d9f53348ff2a7537df639756c67f71bb3f96a7e74cbeeb1e824e26218ece34ae7aea54b7e98e4ddee32
SSDEEP

49152:XjKYlHbDIkIi5Insurb/TUvO90d7HjmAFd4A64nsfJWw5gK2EN2jDea/71wTNWdZ:/Ii5IsDfEeCabtiq3KD+PEKTGHg1ubKb

Score

10^/10

sliver

Malware Config

Signatures

Sliver RAT v2 1 IoCs

resource	yara_rule
sample	SliverRAT_v2

Sliver family
sliver

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-12-26_c13fdc0c618f4d882b4edadfe42ff8a6_frostygoop_luca-stealer_poet-rat_sliver_snatch

Files

2024-12-26_c13fdc0c618f4d882b4edadfe42ff8a6_frostygoop_luca-stealer_poet-rat_sliver_snatch
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 303KB - Virtual size: 719KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ