Overview

overview

10

Static

static

10

SilverRat ...ng.dll

windows7-x64

1

SilverRat ...ng.dll

windows10-2004-x64

1

SilverRat ...er.exe

windows7-x64

10

SilverRat ...er.exe

windows10-2004-x64

10

SilverRat ...on.dll

windows7-x64

1

SilverRat ...on.dll

windows10-2004-x64

1

SilverRat ...ra.dll

windows7-x64

1

SilverRat ...ra.dll

windows10-2004-x64

1

SilverRat ...at.dll

windows7-x64

1

SilverRat ...at.dll

windows10-2004-x64

1

SilverRat ...ps.dll

windows7-x64

1

SilverRat ...ps.dll

windows10-2004-x64

1

SilverRat ...er.dll

windows7-x64

1

SilverRat ...er.dll

windows10-2004-x64

1

SilverRat ...DP.dll

windows7-x64

1

SilverRat ...DP.dll

windows10-2004-x64

1

SilverRat ...NC.dll

windows7-x64

1

SilverRat ...NC.dll

windows10-2004-x64

1

SilverRat ...er.dll

windows7-x64

1

SilverRat ...er.dll

windows10-2004-x64

1

SilverRat ...er.dll

windows7-x64

1

SilverRat ...er.dll

windows10-2004-x64

1

SilverRat ...ns.dll

windows7-x64

1

SilverRat ...ns.dll

windows10-2004-x64

1

SilverRat ...rm.dll

windows7-x64

1

SilverRat ...rm.dll

windows10-2004-x64

1

SilverRat ...ds.dll

windows7-x64

1

SilverRat ...ds.dll

windows10-2004-x64

1

SilverRat ...PP.dll

windows7-x64

1

SilverRat ...PP.dll

windows10-2004-x64

1

SilverRat ...DP.dll

windows7-x64

1

SilverRat ...DP.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SilverRat.V1.5.Re.Lab.zip

  • Size

    6.0MB

  • Sample

    241231-vgt89aslhj

  • MD5

    93d60643736dc238f439aeca41f6422c

  • SHA1

    604968d55833a90ec8deca396acb4e6e1439cdbc

  • SHA256

    ebb23e2966d195bce807cbe2d06058402e010bc919d76819847644673bfdbce2

  • SHA512

    7d664a63f6c93d88c7227fa9efdd8e2e04099dd9da96ff7047ee943f43378ec68775f3236bc8be356444e2ce8d4473a9e5ee6dd157663cfc27f83865731458d0

  • SSDEEP

    98304:4LuT1zbeIEvcxlxec6gMPuIxsMZsoW4dqHiKt+W3Z9l2EisWPDMy:4LuT1zqKw/dsz4dYtPV2EcDMy

Score
10/10
silverratagilenetevasionexecutionpersistencetrojan

Malware Config

Extracted

Family

silverrat

Version

1.0.0.0

C2

auto-london.gl.at.ply.gg:51655

Mutex

SilverMutex_kTAAZjMenK

Attributes
  • certificate

    MIIE4DCCAsigAwIBAgIQAKQYOfZd86J2BfNjhG4CWTANBgkqhkiG9w0BAQ0FADARMQ8wDQYDVQQDDAZTaWx2ZXIwIBcNMjIwODI2MTkwMTA4WhgPOTk5OTEyMzEyMzU5NTlaMBExDzANBgNVBAMMBlNpbHZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPbpOWfhZTuOfEaqqImTTe5dNHAAry7/mf00DCoI4lPZfypsc1tYraxSPFeayGu09a3qdhkWKSVIgwnu2n4GLQNOCY9fh/1oyrX4Iir3BIkYeU7pKTWgjhUlAmFAUAaNr0ca23Ku2kN79jrDzRznOgE2DEW4p7OiM4Mb097ma9lzu7MyssHbY4VCteAhj9HZiplqBxaC1vXDmzxqG+gUZ1aLcyG7ssdkOjtWVBgT3gD/gOl7KchRzCFB1egDC/vD9WZCG35U3Ngi+IkTznoXR1R06cq4v0UnGjE37R2vcB21qb0ZYNiZJXZHv5i9+R7xoPeNoLda5PqnfGGbhPvNEdD56mdcOKlzGIuyemLkUo8texdpiBWKbtc3JZf5VsKxjJtHDK3xW6gDGI+PAirzGkFPmwcf8WgsblvzLg8OZpVxVs8rmKWoi6qIrf4CXnyl73J4lgzW+ir7PjANAQXwLNGdNnvdMeLeo/muGQPdeNpr6OczGGnkWA4qniHeL51/Gx0a8A+jP9zKiyu+qHcsP2IotgWDH/KlzJVr7IAum+DV92uV8poTDcUNcHaKvhHA65KmEtsvLbK6lFZcAMC0eWC0VgpW44T1/16rOaaky5mP6rTMc3nSyOl/lU/XgAgGGQPe22bRLWYzd3WVeEpI1WnHYXS+tL9IOe4kJP+pYsWDAgMBAAGjMjAwMB0GA1UdDgQWBBR32TJj2LeUx9L+RcSOvmFV6VJq6TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQA+qucSOi7ov7Q1FmAjMf925KuvKuCNwJiu3Sqo3FDGVAD1fAwAi2FdyuXEO2VIUPZCkalFcBna5rqyrc6tcS4T0IL2TsYLrsuGir7PWP7CAcft1urYS1HpNpHxeH/nixwnQaQs/MuRmdm2TeCj6G21P5BTW55U5y9sMPSYwhbD2N7XLgnSQd5Y+80TR7FUiye/k3D37fI9PRhSQGbfYFRQQTmxj84dPTnY5CVgaY9d8fNiFZkyjaZdf+mibK0xQTf+xLVVj+toDNCkc1F462TdmFhCrHd4PoMo0yLDNv4SC6NLRq4haWDRtORw6gd5GYIoCQ3m3oQvNlNxXhhIjsOyxkxOrkCD0c+57PIc7EmKXieJa/XxnkcIVxO8dvTY/vijuz/VaZYl/lPu9ckuqgJ1wRvvsHl70Trv4Mn4X5uCIqRFFlK/mSOZbLIguGkDN3QIZABvej89vlZMhrVfZOG2oawe23FskHjv7thF/WzOXtWw6RUVC1V+hCwbuxFNUjZmmOTUwdXHnus7I2AuiG6Jz1+y9aYiXBcVTdSljxjHRRmiRaAnY94h58vN8NJ4hKL2GVCo6LxkpuplmcntJN0cKraKTPxSXcCRrqWxX9qoIbfvBcUU4vH1jPJCCLNCuDyD3lgQkpPVvq0EMU1a2HFGgMEQMjpYpb38rcadDhT5ag==

  • decrypted_key

    -|S.S.S|-

  • discord

    https://discord.com/api/webhooks/1253749007772160090/mxExcAUGlJgTCbYOk_u7JJAnNpsIhMne5e0PjqkRY2MV_40Bgpix2Ezib84aFxRmN66j

  • key

    yy6zDjAUmbB09pKvo5Hhug==

  • key_x509

    QnZ2VW1rTFlUa09ESXhCRkdHYURSSlBBdk5SQk5J

  • payload_url

    https://g.top4top.io/p_2522c7w8u1.png

  • reconnect_delay

    0

  • server_signature

    RMCh38rJRIwRMYf2Sbpd9BzSePeTpscme+fLNDX9Bf6O5IR+EWvJS971m1lprJ/vpdLYQPZIImuX69267sqtVY2b3yH1lw7e7EZaXIHsGFR2uyeUjLQeAjD47DWaaKkGg8wKKEQ7AX8lBa1tYmqDorMfwQ9K2xlGjrxnS9ZotbBaz/KmFDUSwnUEWc6K5tKdqXQ5scv4Iejt9hGqjIxCo1c3AyRwr1eezKhGK66t4Y1aPVfqkIwuI23vWEPPjJYRDn5dWq5EykrPUBvH+OORD9xrQmM63F/gLb5d5/LlrOqSfkd5/yTv8YROpQfzMAYH5k10o6P4I+oBlGpJ9MwzL5Y4JBHSJyiG/m9XuEYKxe1zgffuIhU/xo30i0YC/hkKd5U8BP5k6PdZg9OLI+a8k7sa4/Sk/9Zkjx27VuOZdZs8IMP9t8mumexIqz2fvkwSO79gNHehbK8Y1feAFrlzCMoxK06XKuMRCyGOPse3sNm57TPHUBbk5yhteOGujQ9402QViU3tL9ZQR4rN71H4CBlNHaHbc0PO4+WhgxaAkr3W2/OOCyoaGrX1Kv18VFwwqB9Gqj0wG0MsA+femZUx/+SY41jQ715JwPCrD4aNkKu7xrjYnii+JjVsgNqaLVOhWv1VjL3qkCJ9kf0c7ob8qNOXaePlpZmHsWg/fgChnAk=

Targets

    • Target

      SilverRat V1.5 [Re Lab]/Bunifu.Licensing.dll

    • Size

      1.3MB

    • MD5

      c18a9e44e200c7315a1868caab894293

    • SHA1

      18f65508762d2492f41b22e4e6e5ad19a2226baa

    • SHA256

      661a5be944dc9fb2e0eba01c3c0584feb3ecca44877d77f54d0f409ce801af22

    • SHA512

      9a5e08bb6ed4535ac92ca446b630b29587cb5a4d7d695234a5d93267d2ac13d702b3738ba0e20606f10020e9642e8e315e7ddc92f1c321b68daf8524a3f5f2d1

    • SSDEEP

      24576:d2zl/P3R5+dsFXDbzFWIq7GVuU9QS3AJYeyA1xJj4WIbDIHIr:d2ztPhM+XZWrqQAw61bHr

    Score
    1/10
    behavioral1behavioral2

    • Target

      SilverRat V1.5 [Re Lab]/Fixer.exe

    • Size

      45KB

    • MD5

      545d64cc91e4da6339a70d54a2443c5d

    • SHA1

      f03344ab824c7cf0f73dcc86aa34cab36e2e54e7

    • SHA256

      04109cb3426408945bea79e8e355285fb5bf93224b5b2775a5f6ff6c1e992b5f

    • SHA512

      733154a7f76840fad3ead2af149cf708807878ef3f08c62232ee3cdc0b7e6a4b4dc338103569daf9f755a6549475df15b34b7f223929348001d4086e83371681

    • SSDEEP

      768:OarX4D9pmZGOXnXhEk75rVeZtxbuRULQj9SEQf9B6SbuDFvr1/xf:OarID9pVU5rVe3xCGsj9O9oQ2Fx/xf

    Score
    10/10
    silverratevasionexecutionpersistencetrojan

    • SilverRat

      SilverRat is trojan written in C#.

      trojansilverrat

    • Silverrat family

      silverrat

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Legitimate hosting services abused for malware hosting/C2

    behavioral3behavioral4

    • Target

      SilverRat V1.5 [Re Lab]/Newtonsoft.Json.dll

    • Size

      659KB

    • MD5

      4df6c8781e70c3a4912b5be796e6d337

    • SHA1

      cbc510520fcd85dbc1c82b02e82040702aca9b79

    • SHA256

      3598cccad5b535fea6f93662107a4183bfd6167bf1d0f80260436093edc2e3af

    • SHA512

      964d9813e4d11e1e603e0a9627885c52034b088d0b0dfa5ac0043c27df204e621a2a654445f440ae318e15b1c5fea5c469da9e6a7350a787fef9edf6f0418e5c

    • SSDEEP

      12288:rktg1lrjC8rjICqbwNjR4xq7iiX19K7Df/SoOKQrIB+jfP:rggD7PIEjR4xq7iiXTK7D3So9AIB+jn

    Score
    1/10
    behavioral5behavioral6

    • Target

      SilverRat V1.5 [Re Lab]/Plugins/Camera.dll

    • Size

      52KB

    • MD5

      e9e0b5fc7b1ed6f01d08d981d1cd761f

    • SHA1

      011ac2fa1b9df6a4cb6d88c14316216bb64526bb

    • SHA256

      2c82773466f72756d8152e4d5dc24d2ec954bfe5a6e7cae587d2e1d316ef43d0

    • SHA512

      df75359dd9c1bcc6bccb17522186d710ae16054a496c3f75fa171dfe8f09e314fb28a7b1111193e64e37639c6d37de5c77cd99d795f72ab5338459886da6b964

    • SSDEEP

      1536:K74lunLw1ANlGCkO9bTlqpWQq5As9VG3wEiz:K7XXaGHApPq5cAEiz

    Score
    1/10
    behavioral7behavioral8

    • Target

      SilverRat V1.5 [Re Lab]/Plugins/Chat.dll

    • Size

      36KB

    • MD5

      736292dd81ad93bff84c28ce5de02385

    • SHA1

      40d46e915d049966f023e8d8c1e059d9b6c22567

    • SHA256

      0c83898f29762a4e3650fc5f5a8a3c3114d06da8f6a3fb2fa8b990a36716d6bd

    • SHA512

      c126f17b9ed91994d52e61c7ab75536962a2c0f03cf90cba06fa423dd732379e7ccdf4050dada73267864feee8b677bd5c16ead8a485e3d8bd3f4bcc462015ed

    • SSDEEP

      768:IOgpJ+MbCCj9fGS7C1mf8O1eJU4Fcn6vELlZbS/uG7lknOez1fVQrgYo1:9gpJRH997DfB+U4FK6vEWuml+z1VQrgp

    Score
    1/10
    behavioral10behavioral9

    • Target

      SilverRat V1.5 [Re Lab]/Plugins/HApps.dll

    • Size

      30KB

    • MD5

      a7c3b329ab9f4e20ed40c78b2ac36864

    • SHA1

      fcb594e1a2a7c27e0208d413411e1ca30fdf4279

    • SHA256

      d922c1762640f37a503eb116627a732290ae38b52f9b33437ffee608f7853a28

    • SHA512

      870085fabe2ae4768b6ea9d2e7f13dad752f4c26ec6d61debd0b76c683771823b07338e1323e26c0c8e17f9ecf7f5d7fcd4b7d0b148501ef9e278b8b680925f9

    • SSDEEP

      768:B+Oy2Qaqmlo69aT1+STn1dtU6l5sOyniwSWAqDIug:B+a1oKYcMnt5TbWJg

    Score
    1/10
    behavioral11behavioral12

    • Target

      SilverRat V1.5 [Re Lab]/Plugins/HBrowser.dll

    • Size

      22KB

    • MD5

      ce1d9f8c498cd8c5ee38fa94df4b4907

    • SHA1

      d3b811137776e4b1dc937d294ce0eff9a12594ff

    • SHA256

      55b5efe0a09cb5cb79308874e2e5d25c895f995754bbf960ce9a403207ce3abd

    • SHA512

      58c9e62bc32376773a9bb1f266aab617ad2098f2d12b13fba1bfcefdf3edd1f44682c791567cc67035550b80b735ae460111145fd1b9d733325cda9dfbe61849

    • SSDEEP

      384:a1vknrDG5kbu+MyKCduqwYjrVCSvuC+s6ZxMuzB9uzwVkOLyeKKIyYCiJo9BkzH6:CvO+CnMyKirwkuC+s6ZxPzB9nkZM/Bku

    Score
    1/10
    behavioral13behavioral14

    • Target

      SilverRat V1.5 [Re Lab]/Plugins/HRDP.dll

    • Size

      16KB

    • MD5

      b9c9ea357d04731bda8c8393ae5cd741

    • SHA1

      8d462aafddd5f37513226523dd4b7a354be2f492

    • SHA256

      a475f59f6a1b6b1fb4c6e78f1fbe7df2d38c4f743488ba7da128a5771bf6de86

    • SHA512

      1876e27c5d224d4bac403f99bfff21cbdd35e3d4d91257ff7c2482552e9925d85c69eb092e590ca48251e8fbf19372c131d191caa0e2b8977a2ced36173515e2

    • SSDEEP

      384:KiHITWv10Dlxk/Apew9M7A7VAmp93Yc9d1CThP3kVL:DdmPkYpn7VAmn79dQThP0VL

    Score
    1/10
    behavioral15behavioral16

    • Target

      SilverRat V1.5 [Re Lab]/Plugins/HVNC.dll

    • Size

      31KB

    • MD5

      3d07031e76978680240e80cc54451ad4

    • SHA1

      255f32852fa97990ce16c8bdae766c79c7bcfe56

    • SHA256

      44cb17f3b048ba2c7653409b0dec7c94eb86d2cf0322ac79ce6764d5b8df1549

    • SHA512

      3595793d4b8e197a60d9c28060415489592da44e20e8f999d91e4c2f164e43ee00aaf94216a0daf4ade1cab8577dd34bb8e02c7ba12b3757b2c82c4e4bb91c7a

    • SSDEEP

      768:hdLQtzcSzlbMwNVCQZ/7zBcdiWhl/6tVSFn4MU1bpN2OCDSjLBydQEw:rL6oSpNVRZ/fBFMSt2fU5/jCDeLodQEw

    Score
    1/10
    behavioral17behavioral18

    • Target

      SilverRat V1.5 [Re Lab]/Plugins/Keylogger.dll

    • Size

      13KB

    • MD5

      8e2d761ccea68168d0b991b475155678

    • SHA1

      2872d722bdaf496d520e643d114e712199ef00f1

    • SHA256

      c3fd1d11641109c9033fa20af16c6b737008c137fd8a926bf0b4c6630d8ab9ac

    • SHA512

      e179a1da9f2d00cd74352dc81305462dc928a6e2acace665d42e8a2d0999bc6c8669e5e290ebd17064c6166604f87de2c7e7f31b42b4ea82b23738792c68f68d

    • SSDEEP

      384:ilOmhksiBTIy2tyzb9UX1jiXGf+histUnXdRcrTZxx:S29FIr4zBqUGGc2UnNITZxx

    Score
    1/10
    behavioral19behavioral20

    • Target

      SilverRat V1.5 [Re Lab]/Plugins/Manager.dll

    • Size

      126KB

    • MD5

      b17ddbfdf27aaedb6e26ed70783a6ae7

    • SHA1

      08590ed55d9adc47c53a9dcf7dfafc60b877aa13

    • SHA256

      da8c5ffb5d268e9aa5783bcb064502df8f78cba724a0f96793795fe97e62a6e1

    • SHA512

      0079131280257413f43a01a0de2b3cf393745d2864ab521619888b3b25f7f0ec1f32f9d6f682250b73c92c1483d841f7ca3f8bf34e785e3fc93afae6d086693e

    • SSDEEP

      3072:rgBZ0kM7aryhNEAXTx0XGgrLU2T+2CdjVz+2YLaBb4oPL6:8BaH7aEE2mXbLU2yz5b1G

    Score
    1/10
    behavioral21behavioral22

    • Target

      SilverRat V1.5 [Re Lab]/Plugins/Options.dll

    • Size

      45KB

    • MD5

      ff88d61dc7adc644d79b0f898059a7b1

    • SHA1

      151557a014d6b177fd1ae1496f0719184df08c86

    • SHA256

      3fd7b67e56b40caf53aa9b2df102967f7e2aab0bb4bf90ea769ea725c0498657

    • SHA512

      ae06793d10c6c76a994db8cf3fe97a859df2a1e0dd2bc56fac042bba8a93a56e52b4edf28a30113e4cd547157bde07a77383f0295822d8e6ddea51dfcdc0b1f0

    • SSDEEP

      768:guYdNeZRx4qeyvSlFSOr4eKzBSea9jxOyVKJiN86ajxYGit6N2iX6/bwN45BVFg6:Xawe0SlFSk4eKzBha+yYiF3CNNX64QS6

    Score
    1/10
    behavioral23behavioral24

    • Target

      SilverRat V1.5 [Re Lab]/Plugins/OptionsForm.dll

    • Size

      28KB

    • MD5

      fdaa271259f3b58f88bcfce1da990af4

    • SHA1

      ae2bb4c6725134e9f53f7d63d8920d5c7c4e54de

    • SHA256

      b2a0dd7d7b92ec5b99e3b18fb0235b3b039373edf9a4ea51b36447ac7d0ad464

    • SHA512

      469507660f15a9b72cf160da089b2b4e44625010ba15cdee3d6e08f467e1d724aa0d177adbd7af926a55b0dddd016d565804ab1b2fb071ee37b48487d553b8d9

    • SSDEEP

      768:jsyNQnYSA6ncANYj93R++1XZiyTpidYe0Hhhv:1D8Rm3RrXZiyTpiYHv

    Score
    1/10
    behavioral25behavioral26

    • Target

      SilverRat V1.5 [Re Lab]/Plugins/Passwords.dll

    • Size

      63KB

    • MD5

      67df2a509df555bbbb04264d9177c4c9

    • SHA1

      4afbe8e70698cc6cc7cb2091c1d7dd8b343e49b6

    • SHA256

      31805c53dcd4df47675401e2f286026492a4d2c9ffb13bf5293e8955d5ec96d1

    • SHA512

      0b10b268a5590aa4649decda9190df03673f55b09bf66660cab43f76e61cd9afd4e3ff285b6623377f883930f3221933c7abde1b795642ccd909ccb17154712e

    • SSDEEP

      1536:wCulm7fmXE654s9/i7fiaMLY/u9rU3xgQxR8:/KXE6Wj74L4u9r+E

    Score
    1/10
    behavioral27behavioral28

    • Target

      SilverRat V1.5 [Re Lab]/Plugins/RAPP.dll

    • Size

      18KB

    • MD5

      3749325c46c36e83ea28ddd92aa60c9f

    • SHA1

      a792b9eb154fcbd376660bca5bb1cac11e29cd17

    • SHA256

      2e717bd5321a2ac65b38cc39238dafa7e34b7446031a6a6200aca86199a59ade

    • SHA512

      876013df8c6736ac3bed7e8efb03cc783abe33936c2f8b7908b554b5584c42a8e81f953f7c4066576d8ef931026eb4af84618179cc0001519c493f6651ccd4be

    • SSDEEP

      384:ac5CxOJrR6SkdyR9DVB8PMhwkQAuWh/Z+tBEsLHhJU1thzssJaBVoS7z+8cbt:acUOR7lRxT9+kQdWh/AtBEaJU1ti6S+t

    Score
    1/10
    behavioral29behavioral30

    • Target

      SilverRat V1.5 [Re Lab]/Plugins/RDP.dll

    • Size

      17KB

    • MD5

      2bd24da470e3968fec572600d4637f37

    • SHA1

      752a3ee7e92e6141c26338b327b5a060c0583030

    • SHA256

      c5d5123886fc5e948693a2c1cf14b6b1262f2b98b2ccb6ee3b06bab0c32e6c00

    • SHA512

      60df75c2362a991ce108ed2b52d47316b56b527eef67700b89a6aa8dc52cb0f223991fe6b9819d4c047c5445051078d55965209bbf8f7c1421fc0dbc12fbc393

    • SSDEEP

      384:Iy6n5a9cH8dkubDfK+eTpual9QSiSNkQ0KhEjH66U78:h6whHfK1lWzSNZ3hEjan78

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

agilenetsilverrat
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

silverratevasionexecutionpersistencetrojan
Score
10/10

behavioral4

silverratevasionexecutionpersistencetrojan
Score
10/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10