General
-
Target
SilverClient.exe
-
Size
42KB
-
Sample
250226-g6w79avlw4
-
MD5
c312ff9dfd199ae5b504932e018b4d84
-
SHA1
75ff47cc5fb04726d14df93b9c8804360a74f4ad
-
SHA256
ab51ee1b9d05629f8756c9d552a2e182f6273c34a9cb052e9ba5338667bc5a97
-
SHA512
94a1e811451022abc9e408c5ede051d9656ce74383455b3ecb897dba9c1abf1bac21447b42ece811845271639de201d780b9aaab594615636fc59538be3684a7
-
SSDEEP
768:VdLkzyZYjLyb63W3DtmMfBJ/MlKYMRUA9PsMtB6SnXyvruaNE:VdLkz8bRhh7a3MGA95oQXyiaNE
Malware Config
Extracted
silverrat
1.0.0.0
SilverMutex_EZMDaghRAK
-
certificate
MIIE4DCCAsigAwIBAgIQAKQYOfZd86J2BfNjhG4CWTANBgkqhkiG9w0BAQ0FADARMQ8wDQYDVQQDDAZTaWx2ZXIwIBcNMjIwODI2MTkwMTA4WhgPOTk5OTEyMzEyMzU5NTlaMBExDzANBgNVBAMMBlNpbHZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPbpOWfhZTuOfEaqqImTTe5dNHAAry7/mf00DCoI4lPZfypsc1tYraxSPFeayGu09a3qdhkWKSVIgwnu2n4GLQNOCY9fh/1oyrX4Iir3BIkYeU7pKTWgjhUlAmFAUAaNr0ca23Ku2kN79jrDzRznOgE2DEW4p7OiM4Mb097ma9lzu7MyssHbY4VCteAhj9HZiplqBxaC1vXDmzxqG+gUZ1aLcyG7ssdkOjtWVBgT3gD/gOl7KchRzCFB1egDC/vD9WZCG35U3Ngi+IkTznoXR1R06cq4v0UnGjE37R2vcB21qb0ZYNiZJXZHv5i9+R7xoPeNoLda5PqnfGGbhPvNEdD56mdcOKlzGIuyemLkUo8texdpiBWKbtc3JZf5VsKxjJtHDK3xW6gDGI+PAirzGkFPmwcf8WgsblvzLg8OZpVxVs8rmKWoi6qIrf4CXnyl73J4lgzW+ir7PjANAQXwLNGdNnvdMeLeo/muGQPdeNpr6OczGGnkWA4qniHeL51/Gx0a8A+jP9zKiyu+qHcsP2IotgWDH/KlzJVr7IAum+DV92uV8poTDcUNcHaKvhHA65KmEtsvLbK6lFZcAMC0eWC0VgpW44T1/16rOaaky5mP6rTMc3nSyOl/lU/XgAgGGQPe22bRLWYzd3WVeEpI1WnHYXS+tL9IOe4kJP+pYsWDAgMBAAGjMjAwMB0GA1UdDgQWBBR32TJj2LeUx9L+RcSOvmFV6VJq6TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQA+qucSOi7ov7Q1FmAjMf925KuvKuCNwJiu3Sqo3FDGVAD1fAwAi2FdyuXEO2VIUPZCkalFcBna5rqyrc6tcS4T0IL2TsYLrsuGir7PWP7CAcft1urYS1HpNpHxeH/nixwnQaQs/MuRmdm2TeCj6G21P5BTW55U5y9sMPSYwhbD2N7XLgnSQd5Y+80TR7FUiye/k3D37fI9PRhSQGbfYFRQQTmxj84dPTnY5CVgaY9d8fNiFZkyjaZdf+mibK0xQTf+xLVVj+toDNCkc1F462TdmFhCrHd4PoMo0yLDNv4SC6NLRq4haWDRtORw6gd5GYIoCQ3m3oQvNlNxXhhIjsOyxkxOrkCD0c+57PIc7EmKXieJa/XxnkcIVxO8dvTY/vijuz/VaZYl/lPu9ckuqgJ1wRvvsHl70Trv4Mn4X5uCIqRFFlK/mSOZbLIguGkDN3QIZABvej89vlZMhrVfZOG2oawe23FskHjv7thF/WzOXtWw6RUVC1V+hCwbuxFNUjZmmOTUwdXHnus7I2AuiG6Jz1+y9aYiXBcVTdSljxjHRRmiRaAnY94h58vN8NJ4hKL2GVCo6LxkpuplmcntJN0cKraKTPxSXcCRrqWxX9qoIbfvBcUU4vH1jPJCCLNCuDyD3lgQkpPVvq0EMU1a2HFGgMEQMjpYpb38rcadDhT5ag==
-
decrypted_key
-|S.S.S|-
-
discord
https://discord.com/api/webhooks/1344190210203975710/llWGKbVGP8KFjTLbojySgUGmRZ-7w1XiROSsUTWS4cwLV54tR8hpAm5WBow8QrkHvn-k
-
key
yy6zDjAUmbB09pKvo5Hhug==
-
key_x509
dmthUlBIaHJSb3BpbVJEa1JUQVJtbllUWUR2TWFZ
-
payload_url
https://g.top4top.io/p_2522c7w8u1.png
-
reconnect_delay
3443
-
server_signature
OCjxeZ8fdb/ngTEL4g1gLuCJlPbmz2jouEwmleUcZyEJYA+WqhSq18n0CCapT7+9pilgBq+I3lTRrqT8nW47hzNaagZwauFhzN8WaPNFA9N8F2G/RxrFELr1IUYL8mK2EBMsYAJX8cY5qX9Umx0s8N7yNOPPJNs4QNYGc1TDraKBwNX41dleV8CCFHuw/9TYGyT9afq8HE6bONYKyMkF/Z+fxlVGfh8L64hYBX1wNZzqf51UrCRDhPnBJcAOfgVWd/AQuas2bIaetecGoc3qxpEJ2FOi8FrtYfvKYeA77Jzz6DpEjKN31C6CazjyXYGKAQN+LewPlDjQOTrIVmrComYHrqRCfG1kZtT+FIN00lTR+xKG8wksKyqbfTN+gWFvOopy2HFFjY6aoqtkkUTtc4tnq4AtL1rXfzrizLRuKqPlSip8PD5l+vMwi8vkLaDXOHnveimQ7eUxhEyCwB5LrFbCjZvTItw8iB0GLUVhGz1RZNOj98bHbdqwhW6cGGOGswinVK9b05nUnUY0zVoEZ8sHtv5SbvbBq0QYaoOmpVk+FpUiIvbrlRpZfgdep+YVtvaTf2sOLRbQd7Obr0Y0M/X4kyGU0AEawpw7ctO28qa7sHehFI7LPqAdZF8hsYxuT/+t9Gk5MJoaopa71JbhQlJn7+eFcGnmRwwihARJUe8=
Targets
-
-
Target
SilverClient.exe
-
Size
42KB
-
MD5
c312ff9dfd199ae5b504932e018b4d84
-
SHA1
75ff47cc5fb04726d14df93b9c8804360a74f4ad
-
SHA256
ab51ee1b9d05629f8756c9d552a2e182f6273c34a9cb052e9ba5338667bc5a97
-
SHA512
94a1e811451022abc9e408c5ede051d9656ce74383455b3ecb897dba9c1abf1bac21447b42ece811845271639de201d780b9aaab594615636fc59538be3684a7
-
SSDEEP
768:VdLkzyZYjLyb63W3DtmMfBJ/MlKYMRUA9PsMtB6SnXyvruaNE:VdLkz8bRhh7a3MGA95oQXyiaNE
Score10/10-
SilverRat
SilverRat is trojan written in C#.
-
Silverrat family
-
Executes dropped EXE
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Legitimate hosting services abused for malware hosting/C2
-