Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    SilverClient.exe

  • Size

    43KB

  • Sample

    250302-as6q7sxxf1

  • MD5

    df9212a0163effe64095200b9ad867f5

  • SHA1

    e8a77b166ba19784bfd0546dd62397a0acae1310

  • SHA256

    d494db603dfaf4c18809920edcf13c698a305f62fead6e94f2a5f88d403e6feb

  • SHA512

    09b7813508360ee8e925285da66db02cc834641de926a02d025d882ea22b98a2cf593f1627c65fb1c120bfcad3e4025cfd5ef490248d4f2aedc9bf96f3bc9dac

  • SSDEEP

    768:rbEGkZdPd1C8oe/R56nfcbeiickhO8i2amxR5rdkWK2RUjQv9SwBzu+QSB6SvZMY:rgRui5AfcbeiiNJxR0D2GUv9M+5o0SnY

Malware Config

Extracted

Family

silverrat

Version

1.0.0.0

C2

4.tcp.ngrok.io:13975

Mutex

lAxDBRhAFu

Attributes
  • certificate

    MIIE4DCCAsigAwIBAgIQAKQYOfZd86J2BfNjhG4CWTANBgkqhkiG9w0BAQ0FADARMQ8wDQYDVQQDDAZTaWx2ZXIwIBcNMjIwODI2MTkwMTA4WhgPOTk5OTEyMzEyMzU5NTlaMBExDzANBgNVBAMMBlNpbHZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPbpOWfhZTuOfEaqqImTTe5dNHAAry7/mf00DCoI4lPZfypsc1tYraxSPFeayGu09a3qdhkWKSVIgwnu2n4GLQNOCY9fh/1oyrX4Iir3BIkYeU7pKTWgjhUlAmFAUAaNr0ca23Ku2kN79jrDzRznOgE2DEW4p7OiM4Mb097ma9lzu7MyssHbY4VCteAhj9HZiplqBxaC1vXDmzxqG+gUZ1aLcyG7ssdkOjtWVBgT3gD/gOl7KchRzCFB1egDC/vD9WZCG35U3Ngi+IkTznoXR1R06cq4v0UnGjE37R2vcB21qb0ZYNiZJXZHv5i9+R7xoPeNoLda5PqnfGGbhPvNEdD56mdcOKlzGIuyemLkUo8texdpiBWKbtc3JZf5VsKxjJtHDK3xW6gDGI+PAirzGkFPmwcf8WgsblvzLg8OZpVxVs8rmKWoi6qIrf4CXnyl73J4lgzW+ir7PjANAQXwLNGdNnvdMeLeo/muGQPdeNpr6OczGGnkWA4qniHeL51/Gx0a8A+jP9zKiyu+qHcsP2IotgWDH/KlzJVr7IAum+DV92uV8poTDcUNcHaKvhHA65KmEtsvLbK6lFZcAMC0eWC0VgpW44T1/16rOaaky5mP6rTMc3nSyOl/lU/XgAgGGQPe22bRLWYzd3WVeEpI1WnHYXS+tL9IOe4kJP+pYsWDAgMBAAGjMjAwMB0GA1UdDgQWBBR32TJj2LeUx9L+RcSOvmFV6VJq6TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQA+qucSOi7ov7Q1FmAjMf925KuvKuCNwJiu3Sqo3FDGVAD1fAwAi2FdyuXEO2VIUPZCkalFcBna5rqyrc6tcS4T0IL2TsYLrsuGir7PWP7CAcft1urYS1HpNpHxeH/nixwnQaQs/MuRmdm2TeCj6G21P5BTW55U5y9sMPSYwhbD2N7XLgnSQd5Y+80TR7FUiye/k3D37fI9PRhSQGbfYFRQQTmxj84dPTnY5CVgaY9d8fNiFZkyjaZdf+mibK0xQTf+xLVVj+toDNCkc1F462TdmFhCrHd4PoMo0yLDNv4SC6NLRq4haWDRtORw6gd5GYIoCQ3m3oQvNlNxXhhIjsOyxkxOrkCD0c+57PIc7EmKXieJa/XxnkcIVxO8dvTY/vijuz/VaZYl/lPu9ckuqgJ1wRvvsHl70Trv4Mn4X5uCIqRFFlK/mSOZbLIguGkDN3QIZABvej89vlZMhrVfZOG2oawe23FskHjv7thF/WzOXtWw6RUVC1V+hCwbuxFNUjZmmOTUwdXHnus7I2AuiG6Jz1+y9aYiXBcVTdSljxjHRRmiRaAnY94h58vN8NJ4hKL2GVCo6LxkpuplmcntJN0cKraKTPxSXcCRrqWxX9qoIbfvBcUU4vH1jPJCCLNCuDyD3lgQkpPVvq0EMU1a2HFGgMEQMjpYpb38rcadDhT5ag==

  • decrypted_key

    -|S.S.S|-

  • discord

    https://discord.com/api/webhooks/1345519723651006547/1osSQ83PtyY43SLnhWBuoR8KAzXdHONoKnCscV1R6yfHIhgTpaWGyVY0jpsE0y3YkSzc

  • key

    yy6zDjAUmbB09pKvo5Hhug==

  • key_x509

    U2pYbXhHdVRmV3pFU2JkYkF2ZlBhU2FSUEh2dlVV

  • payload_url

    https://g.top4top.io/p_2522c7w8u1.png

  • reconnect_delay

    4

  • server_signature

    yYVhLx7BDVj8OoPAdk2wduk+VxEe8mfCQHl9aHfQeLTEJdnKImoui7kEw5MbKbxidqB1JpcaE/KAdVjZghQJLOrPWTBfX31kUWdirw/oKIOYtOwN5iETUSm7+mGVPKl86rna3p6QDa9Vyg01Y23i4LtiSGBoIbfWpLMSjIn8/Q3n0VuSlfQoD19jdQbKfdXUJjyiYl7QyLfbhrMYfBAvQ+3pn9Uqg11dNq6+LH0N4ewx7DoIKVwCXA3jLn9fOraeBk7+SRUrGT+POlDtacvM3V6olVRTFumyaBULspK/3+kifzkmuvx76TmXfQpBDykUTy4KIWr1bi3EVRr6i5MoWt9e7tJ/f7v0jlu7FA06PyicgG1e1eTk02zxOHYD7CrHwV9y/hq+72oqpXE4zfBKTcD7IJDs6MsUF6hly4gC48M0sh+7ZUaXwixV7atIf+Em+tq4O6qdgQJ/oGKIQwjUiv9DUYR9CmWA2Qa0WdVOvchWMdiR5wFRwPL/VHA2WwBLFijqC4fv0M222qn2aYi2aPPHp21nTCvjj+m8lzdUdoj/f3wDfjoA8nml+bZCXcwZ65T0ZIxhf17tJbvdELwGZMeY9H8m9VuX5Nebpep5ttD70NSkvLVsGRzK5tYHze7YC/w8ePXQFLfkKhV9VXMZO8QaxaFUIVdQoMafGQ87yfM=

Targets

    • Target

      SilverClient.exe

    • Size

      43KB

    • MD5

      df9212a0163effe64095200b9ad867f5

    • SHA1

      e8a77b166ba19784bfd0546dd62397a0acae1310

    • SHA256

      d494db603dfaf4c18809920edcf13c698a305f62fead6e94f2a5f88d403e6feb

    • SHA512

      09b7813508360ee8e925285da66db02cc834641de926a02d025d882ea22b98a2cf593f1627c65fb1c120bfcad3e4025cfd5ef490248d4f2aedc9bf96f3bc9dac

    • SSDEEP

      768:rbEGkZdPd1C8oe/R56nfcbeiickhO8i2amxR5rdkWK2RUjQv9SwBzu+QSB6SvZMY:rgRui5AfcbeiiNJxR0D2GUv9M+5o0SnY

MITRE ATT&CK Enterprise v15

Tasks