Overview

overview

10

Static

static

1

winrar-x64-701.exe

windows7-x64

10

winrar-x64-701.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    winrar-x64-701.exe

  • Size

    3.8MB

  • Sample

    250104-3rfgvatlex

  • MD5

    46c17c999744470b689331f41eab7df1

  • SHA1

    b8a63127df6a87d333061c622220d6d70ed80f7c

  • SHA256

    c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

  • SHA512

    4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

  • SSDEEP

    98304:6NRBOBfKgQIm9EOTqw8vjh9Ac9nUNupK4hVvcF+yHrAr:sR/gmeOqv7Ac9F0kB

Score
10/10
silverratdiscoveryevasionexecutionpersistenceprivilege_escalationtrojan

Malware Config

Extracted

Family

silverrat

Version

1.0.0.0

C2

tristanasnigeris.ddns.net:1177

Mutex

SilverMutex_ALxWrXoNHM

Attributes
  • certificate

    MIIE4DCCAsigAwIBAgIQAKQYOfZd86J2BfNjhG4CWTANBgkqhkiG9w0BAQ0FADARMQ8wDQYDVQQDDAZTaWx2ZXIwIBcNMjIwODI2MTkwMTA4WhgPOTk5OTEyMzEyMzU5NTlaMBExDzANBgNVBAMMBlNpbHZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPbpOWfhZTuOfEaqqImTTe5dNHAAry7/mf00DCoI4lPZfypsc1tYraxSPFeayGu09a3qdhkWKSVIgwnu2n4GLQNOCY9fh/1oyrX4Iir3BIkYeU7pKTWgjhUlAmFAUAaNr0ca23Ku2kN79jrDzRznOgE2DEW4p7OiM4Mb097ma9lzu7MyssHbY4VCteAhj9HZiplqBxaC1vXDmzxqG+gUZ1aLcyG7ssdkOjtWVBgT3gD/gOl7KchRzCFB1egDC/vD9WZCG35U3Ngi+IkTznoXR1R06cq4v0UnGjE37R2vcB21qb0ZYNiZJXZHv5i9+R7xoPeNoLda5PqnfGGbhPvNEdD56mdcOKlzGIuyemLkUo8texdpiBWKbtc3JZf5VsKxjJtHDK3xW6gDGI+PAirzGkFPmwcf8WgsblvzLg8OZpVxVs8rmKWoi6qIrf4CXnyl73J4lgzW+ir7PjANAQXwLNGdNnvdMeLeo/muGQPdeNpr6OczGGnkWA4qniHeL51/Gx0a8A+jP9zKiyu+qHcsP2IotgWDH/KlzJVr7IAum+DV92uV8poTDcUNcHaKvhHA65KmEtsvLbK6lFZcAMC0eWC0VgpW44T1/16rOaaky5mP6rTMc3nSyOl/lU/XgAgGGQPe22bRLWYzd3WVeEpI1WnHYXS+tL9IOe4kJP+pYsWDAgMBAAGjMjAwMB0GA1UdDgQWBBR32TJj2LeUx9L+RcSOvmFV6VJq6TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQA+qucSOi7ov7Q1FmAjMf925KuvKuCNwJiu3Sqo3FDGVAD1fAwAi2FdyuXEO2VIUPZCkalFcBna5rqyrc6tcS4T0IL2TsYLrsuGir7PWP7CAcft1urYS1HpNpHxeH/nixwnQaQs/MuRmdm2TeCj6G21P5BTW55U5y9sMPSYwhbD2N7XLgnSQd5Y+80TR7FUiye/k3D37fI9PRhSQGbfYFRQQTmxj84dPTnY5CVgaY9d8fNiFZkyjaZdf+mibK0xQTf+xLVVj+toDNCkc1F462TdmFhCrHd4PoMo0yLDNv4SC6NLRq4haWDRtORw6gd5GYIoCQ3m3oQvNlNxXhhIjsOyxkxOrkCD0c+57PIc7EmKXieJa/XxnkcIVxO8dvTY/vijuz/VaZYl/lPu9ckuqgJ1wRvvsHl70Trv4Mn4X5uCIqRFFlK/mSOZbLIguGkDN3QIZABvej89vlZMhrVfZOG2oawe23FskHjv7thF/WzOXtWw6RUVC1V+hCwbuxFNUjZmmOTUwdXHnus7I2AuiG6Jz1+y9aYiXBcVTdSljxjHRRmiRaAnY94h58vN8NJ4hKL2GVCo6LxkpuplmcntJN0cKraKTPxSXcCRrqWxX9qoIbfvBcUU4vH1jPJCCLNCuDyD3lgQkpPVvq0EMU1a2HFGgMEQMjpYpb38rcadDhT5ag==

  • decrypted_key

    -|S.S.S|-

  • discord

    https://discord.com/api/webhooks/1203134586893373491/q6tQbmKnUeuvvXfGSYTDOjac96V_7mQiYeTfQRdkoaOzb-RUY6kCok44-DiKFEoB460J

  • key

    yy6zDjAUmbB09pKvo5Hhug==

  • key_x509

    RVlNTm54UkNERUtDVkRxS1lta0FOZE9FSkl6ck5B

  • payload_url

    https://g.top4top.io/p_2522c7w8u1.png

  • reconnect_delay

    4

  • server_signature

    e2X3I7vzsr0GSnC+Jr28Plys2ny8jjkud4Ica4lmgB7bEuEd12YwNooV9L7vQKsQfWTPQFO0x8eXiuCDVyfFLy/c3pJl8mv/JFgFj2pck86SFO+VTZivzxTPj5fXxd2Sf1mfX3PUn/KjsxMsZfqpnlhpLTblPQ2uIc1QdAHanmJxd8hZXYPFkvjOH6MOO9WxJ72ZJOijAodXh5Y9Y0eBMbdJ3ng4CHwDtqoPVXHYf60rO37IDKSnVCq4z80DwnUmiYGxXgRRYKXLIiOKXqQKZ+q2GvWj7A4b3bu7DIZmiMZUUeiyhL8d0FQrCUPDkdAsJi1Erxs3s9timx007fZc2cgEMLSBQyqvRZG8FaiP73+TKmqvo5izmiho9iZz4rtDIkGH0iTYRkdePcLGFRHkK6fjBawCW8A5UUuRQ4Sv2FHwCBVixdj44UZESEf74y8Ff/u1kQRXeJNxodf1/9wLVM0geMNFE3O+SjQESN4SRqzXyl8NHdeUX85Nzw1ITeeGvbvo2+BFGU67IWYfTQ0I4hsAhEaq7Cy/8nG16AesRL3IFCn5MtwGdj07MWTWr5jyU0USpNxmoLf2ZaGIPcXxP9NH+PSxAm8owCr19THoRSV+l5yVFi/QkR77tV8d8dA2/5qS7JUCZmQqQoDd2mw4kJMy4RL7p58dEy37bK9pKBY=

Targets

    • Target

      winrar-x64-701.exe

    • Size

      3.8MB

    • MD5

      46c17c999744470b689331f41eab7df1

    • SHA1

      b8a63127df6a87d333061c622220d6d70ed80f7c

    • SHA256

      c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

    • SHA512

      4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

    • SSDEEP

      98304:6NRBOBfKgQIm9EOTqw8vjh9Ac9nUNupK4hVvcF+yHrAr:sR/gmeOqv7Ac9F0kB

    Score
    10/10
    silverratdiscoveryevasionexecutionpersistenceprivilege_escalationtrojan

    • SilverRat

      SilverRat is trojan written in C#.

      trojansilverrat

    • Silverrat family

      silverrat

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Legitimate hosting services abused for malware hosting/C2

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Component Object Model Hijacking

1
T1546.015

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Component Object Model Hijacking

1
T1546.015

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Modify Registry

2
T1112

Credential Access

Discovery

Browser Information Discovery

1
T1217

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks