General
-
Target
rat.rar
-
Size
375KB
-
Sample
250308-13qe3sszbz
-
MD5
d821d82e777ad8b392c580c02b1b16d3
-
SHA1
7a75231a30fded6d20f8d5d8c5db910d573f2838
-
SHA256
c9c505c8607cad0f8b787fe677ac182fc697930d9ef1895178c50e4f8d99f0c0
-
SHA512
f6e61ecf521fc7818dac763c9108d4d200948f8032a3c8277b98f7793f2980bfde5ed65650c726378cfc745aac4d2e855de4c4a582864af52f024645383de5c9
-
SSDEEP
6144:6BdOByoBywBy+ByqByBBydByoByWByqByoByzByRByAByaByXByhBy0:Gh7Dx1q+7J17kazFAK0
Malware Config
Extracted
silverrat
1.0.0.0
if-eventually.gl.at.ply.gg:17094
Mutex_DthEiIseBZ
-
certificate
MIIE4DCCAsigAwIBAgIQAKQYOfZd86J2BfNjhG4CWTANBgkqhkiG9w0BAQ0FADARMQ8wDQYDVQQDDAZTaWx2ZXIwIBcNMjIwODI2MTkwMTA4WhgPOTk5OTEyMzEyMzU5NTlaMBExDzANBgNVBAMMBlNpbHZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPbpOWfhZTuOfEaqqImTTe5dNHAAry7/mf00DCoI4lPZfypsc1tYraxSPFeayGu09a3qdhkWKSVIgwnu2n4GLQNOCY9fh/1oyrX4Iir3BIkYeU7pKTWgjhUlAmFAUAaNr0ca23Ku2kN79jrDzRznOgE2DEW4p7OiM4Mb097ma9lzu7MyssHbY4VCteAhj9HZiplqBxaC1vXDmzxqG+gUZ1aLcyG7ssdkOjtWVBgT3gD/gOl7KchRzCFB1egDC/vD9WZCG35U3Ngi+IkTznoXR1R06cq4v0UnGjE37R2vcB21qb0ZYNiZJXZHv5i9+R7xoPeNoLda5PqnfGGbhPvNEdD56mdcOKlzGIuyemLkUo8texdpiBWKbtc3JZf5VsKxjJtHDK3xW6gDGI+PAirzGkFPmwcf8WgsblvzLg8OZpVxVs8rmKWoi6qIrf4CXnyl73J4lgzW+ir7PjANAQXwLNGdNnvdMeLeo/muGQPdeNpr6OczGGnkWA4qniHeL51/Gx0a8A+jP9zKiyu+qHcsP2IotgWDH/KlzJVr7IAum+DV92uV8poTDcUNcHaKvhHA65KmEtsvLbK6lFZcAMC0eWC0VgpW44T1/16rOaaky5mP6rTMc3nSyOl/lU/XgAgGGQPe22bRLWYzd3WVeEpI1WnHYXS+tL9IOe4kJP+pYsWDAgMBAAGjMjAwMB0GA1UdDgQWBBR32TJj2LeUx9L+RcSOvmFV6VJq6TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQA+qucSOi7ov7Q1FmAjMf925KuvKuCNwJiu3Sqo3FDGVAD1fAwAi2FdyuXEO2VIUPZCkalFcBna5rqyrc6tcS4T0IL2TsYLrsuGir7PWP7CAcft1urYS1HpNpHxeH/nixwnQaQs/MuRmdm2TeCj6G21P5BTW55U5y9sMPSYwhbD2N7XLgnSQd5Y+80TR7FUiye/k3D37fI9PRhSQGbfYFRQQTmxj84dPTnY5CVgaY9d8fNiFZkyjaZdf+mibK0xQTf+xLVVj+toDNCkc1F462TdmFhCrHd4PoMo0yLDNv4SC6NLRq4haWDRtORw6gd5GYIoCQ3m3oQvNlNxXhhIjsOyxkxOrkCD0c+57PIc7EmKXieJa/XxnkcIVxO8dvTY/vijuz/VaZYl/lPu9ckuqgJ1wRvvsHl70Trv4Mn4X5uCIqRFFlK/mSOZbLIguGkDN3QIZABvej89vlZMhrVfZOG2oawe23FskHjv7thF/WzOXtWw6RUVC1V+hCwbuxFNUjZmmOTUwdXHnus7I2AuiG6Jz1+y9aYiXBcVTdSljxjHRRmiRaAnY94h58vN8NJ4hKL2GVCo6LxkpuplmcntJN0cKraKTPxSXcCRrqWxX9qoIbfvBcUU4vH1jPJCCLNCuDyD3lgQkpPVvq0EMU1a2HFGgMEQMjpYpb38rcadDhT5ag==
-
decrypted_key
-|S.S.S|-
-
key
yy6zDjAUmbB09pKvo5Hhug==
-
key_x509
eGlwZU1BZVJwdkFBdllxYmdRQUJ2eWtsbVVURFhE
-
reconnect_delay
0
-
server_signature
82XrwJstrm0nqjslD808bx+Ume3efeGMf7zUlVkngpQb87z21PsSKQBcTZK9EaXM0QyjpcsVNJXl0qmSosxJJOm0KKVMHYKGnVBNCZLj5O99+4v22ZWCi56RWOs9+ng8qwN8xdzn3HnKucPRz7a8JhI+UEI2ukS8ZhVfV7qf1oq6FwIG1uh4L4GwsQcfllQtFIzrcJqIdmWxM3WuMauxIW/Zzj51aSjpesrkHtxhBfKl3W4xhpX5jcWIcCiLfvfQ9E+PNUX749MGWb8fbvDdeI5yZun92ZZlcYpsymaYSEGIyzYotaZEVnsVattoVvsdOkWrsVqlKf4XIPFxmijkMaGQ/ayfFFpbjWPbyeJGlIAa+KbR5CxvF59/zedZirVAcFOWAzE/E/+kyxIbNtd6o7GZE2ZcIsMeei2HIjuCiWKsiV7qLY7vd//T8Rf8mG5/4i/xCiDG7HHX4oSx6mi6u97uThj6ULk43RmOL+fHaV2J+DewyDSivdrRWlQ95pX8FlRiKXlaJIxCbTWOwxsK2xebzkbsUKGGsOwCA/UQJ1TXNmatbaNqldHgqXKgYSFLRIiLDgM0xZQ+ThJag+cRkT7qr7W7HVaFlDNiLbVm4QZ34Iy//W3TM7w17dYghMhn3550gafqXCLOIH9vPh+YF9KVG3e3EOrkYaDUQK13PxY=
Targets
-
-
Target
rat/SilverClient - Copy (10).exe
-
Size
43KB
-
MD5
44a5ff2feda2634ae7d9fadc97ebd0a0
-
SHA1
9a763aefd806585e11a36203e575ae142f38bc6c
-
SHA256
5dde6801897a7d76c16e64c0b36a3280fbf5371642a690b85ddd31538c4458d8
-
SHA512
cebc24998c33d7fe8bcdba5183d60c36b3ccaac247d0ee206a73485236453c109dc269522df01d85f58efd3d7a28358221f2139f11356f95f9b8283475f576ca
-
SSDEEP
768:GdmcASe38zJ/Ol6IoZmtPHJm7+avCJ8eEPNRULQD9PUGa7AB6Sh/lE:GdmcASeuOtvhmeZKNGsD9pYAoS/lE
Score10/10-
SilverRat
SilverRat is trojan written in C#.
-
Silverrat family
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
-
-
Target
rat/SilverClient - Copy (11).exe
-
Size
43KB
-
MD5
44a5ff2feda2634ae7d9fadc97ebd0a0
-
SHA1
9a763aefd806585e11a36203e575ae142f38bc6c
-
SHA256
5dde6801897a7d76c16e64c0b36a3280fbf5371642a690b85ddd31538c4458d8
-
SHA512
cebc24998c33d7fe8bcdba5183d60c36b3ccaac247d0ee206a73485236453c109dc269522df01d85f58efd3d7a28358221f2139f11356f95f9b8283475f576ca
-
SSDEEP
768:GdmcASe38zJ/Ol6IoZmtPHJm7+avCJ8eEPNRULQD9PUGa7AB6Sh/lE:GdmcASeuOtvhmeZKNGsD9pYAoS/lE
Score10/10-
SilverRat
SilverRat is trojan written in C#.
-
Silverrat family
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
-
-
Target
rat/SilverClient - Copy (12).exe
-
Size
43KB
-
MD5
44a5ff2feda2634ae7d9fadc97ebd0a0
-
SHA1
9a763aefd806585e11a36203e575ae142f38bc6c
-
SHA256
5dde6801897a7d76c16e64c0b36a3280fbf5371642a690b85ddd31538c4458d8
-
SHA512
cebc24998c33d7fe8bcdba5183d60c36b3ccaac247d0ee206a73485236453c109dc269522df01d85f58efd3d7a28358221f2139f11356f95f9b8283475f576ca
-
SSDEEP
768:GdmcASe38zJ/Ol6IoZmtPHJm7+avCJ8eEPNRULQD9PUGa7AB6Sh/lE:GdmcASeuOtvhmeZKNGsD9pYAoS/lE
Score10/10-
SilverRat
SilverRat is trojan written in C#.
-
Silverrat family
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
-
-
Target
rat/SilverClient - Copy (13).exe
-
Size
43KB
-
MD5
44a5ff2feda2634ae7d9fadc97ebd0a0
-
SHA1
9a763aefd806585e11a36203e575ae142f38bc6c
-
SHA256
5dde6801897a7d76c16e64c0b36a3280fbf5371642a690b85ddd31538c4458d8
-
SHA512
cebc24998c33d7fe8bcdba5183d60c36b3ccaac247d0ee206a73485236453c109dc269522df01d85f58efd3d7a28358221f2139f11356f95f9b8283475f576ca
-
SSDEEP
768:GdmcASe38zJ/Ol6IoZmtPHJm7+avCJ8eEPNRULQD9PUGa7AB6Sh/lE:GdmcASeuOtvhmeZKNGsD9pYAoS/lE
Score10/10-
SilverRat
SilverRat is trojan written in C#.
-
Silverrat family
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
-
-
Target
rat/SilverClient - Copy (14).exe
-
Size
43KB
-
MD5
44a5ff2feda2634ae7d9fadc97ebd0a0
-
SHA1
9a763aefd806585e11a36203e575ae142f38bc6c
-
SHA256
5dde6801897a7d76c16e64c0b36a3280fbf5371642a690b85ddd31538c4458d8
-
SHA512
cebc24998c33d7fe8bcdba5183d60c36b3ccaac247d0ee206a73485236453c109dc269522df01d85f58efd3d7a28358221f2139f11356f95f9b8283475f576ca
-
SSDEEP
768:GdmcASe38zJ/Ol6IoZmtPHJm7+avCJ8eEPNRULQD9PUGa7AB6Sh/lE:GdmcASeuOtvhmeZKNGsD9pYAoS/lE
Score10/10-
SilverRat
SilverRat is trojan written in C#.
-
Silverrat family
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
-
-
Target
rat/SilverClient - Copy (15).exe
-
Size
43KB
-
MD5
44a5ff2feda2634ae7d9fadc97ebd0a0
-
SHA1
9a763aefd806585e11a36203e575ae142f38bc6c
-
SHA256
5dde6801897a7d76c16e64c0b36a3280fbf5371642a690b85ddd31538c4458d8
-
SHA512
cebc24998c33d7fe8bcdba5183d60c36b3ccaac247d0ee206a73485236453c109dc269522df01d85f58efd3d7a28358221f2139f11356f95f9b8283475f576ca
-
SSDEEP
768:GdmcASe38zJ/Ol6IoZmtPHJm7+avCJ8eEPNRULQD9PUGa7AB6Sh/lE:GdmcASeuOtvhmeZKNGsD9pYAoS/lE
Score10/10-
SilverRat
SilverRat is trojan written in C#.
-
Silverrat family
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
-
-
Target
rat/SilverClient - Copy (16).exe
-
Size
43KB
-
MD5
44a5ff2feda2634ae7d9fadc97ebd0a0
-
SHA1
9a763aefd806585e11a36203e575ae142f38bc6c
-
SHA256
5dde6801897a7d76c16e64c0b36a3280fbf5371642a690b85ddd31538c4458d8
-
SHA512
cebc24998c33d7fe8bcdba5183d60c36b3ccaac247d0ee206a73485236453c109dc269522df01d85f58efd3d7a28358221f2139f11356f95f9b8283475f576ca
-
SSDEEP
768:GdmcASe38zJ/Ol6IoZmtPHJm7+avCJ8eEPNRULQD9PUGa7AB6Sh/lE:GdmcASeuOtvhmeZKNGsD9pYAoS/lE
Score10/10-
SilverRat
SilverRat is trojan written in C#.
-
Silverrat family
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
-
-
Target
rat/SilverClient - Copy (17).exe
-
Size
43KB
-
MD5
44a5ff2feda2634ae7d9fadc97ebd0a0
-
SHA1
9a763aefd806585e11a36203e575ae142f38bc6c
-
SHA256
5dde6801897a7d76c16e64c0b36a3280fbf5371642a690b85ddd31538c4458d8
-
SHA512
cebc24998c33d7fe8bcdba5183d60c36b3ccaac247d0ee206a73485236453c109dc269522df01d85f58efd3d7a28358221f2139f11356f95f9b8283475f576ca
-
SSDEEP
768:GdmcASe38zJ/Ol6IoZmtPHJm7+avCJ8eEPNRULQD9PUGa7AB6Sh/lE:GdmcASeuOtvhmeZKNGsD9pYAoS/lE
Score10/10-
SilverRat
SilverRat is trojan written in C#.
-
Silverrat family
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
-
-
Target
rat/SilverClient - Copy (2).exe
-
Size
43KB
-
MD5
44a5ff2feda2634ae7d9fadc97ebd0a0
-
SHA1
9a763aefd806585e11a36203e575ae142f38bc6c
-
SHA256
5dde6801897a7d76c16e64c0b36a3280fbf5371642a690b85ddd31538c4458d8
-
SHA512
cebc24998c33d7fe8bcdba5183d60c36b3ccaac247d0ee206a73485236453c109dc269522df01d85f58efd3d7a28358221f2139f11356f95f9b8283475f576ca
-
SSDEEP
768:GdmcASe38zJ/Ol6IoZmtPHJm7+avCJ8eEPNRULQD9PUGa7AB6Sh/lE:GdmcASeuOtvhmeZKNGsD9pYAoS/lE
Score10/10-
SilverRat
SilverRat is trojan written in C#.
-
Silverrat family
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
-
-
Target
rat/SilverClient - Copy (3).exe
-
Size
43KB
-
MD5
44a5ff2feda2634ae7d9fadc97ebd0a0
-
SHA1
9a763aefd806585e11a36203e575ae142f38bc6c
-
SHA256
5dde6801897a7d76c16e64c0b36a3280fbf5371642a690b85ddd31538c4458d8
-
SHA512
cebc24998c33d7fe8bcdba5183d60c36b3ccaac247d0ee206a73485236453c109dc269522df01d85f58efd3d7a28358221f2139f11356f95f9b8283475f576ca
-
SSDEEP
768:GdmcASe38zJ/Ol6IoZmtPHJm7+avCJ8eEPNRULQD9PUGa7AB6Sh/lE:GdmcASeuOtvhmeZKNGsD9pYAoS/lE
Score10/10-
SilverRat
SilverRat is trojan written in C#.
-
Silverrat family
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
-
-
Target
rat/SilverClient - Copy (4).exe
-
Size
43KB
-
MD5
44a5ff2feda2634ae7d9fadc97ebd0a0
-
SHA1
9a763aefd806585e11a36203e575ae142f38bc6c
-
SHA256
5dde6801897a7d76c16e64c0b36a3280fbf5371642a690b85ddd31538c4458d8
-
SHA512
cebc24998c33d7fe8bcdba5183d60c36b3ccaac247d0ee206a73485236453c109dc269522df01d85f58efd3d7a28358221f2139f11356f95f9b8283475f576ca
-
SSDEEP
768:GdmcASe38zJ/Ol6IoZmtPHJm7+avCJ8eEPNRULQD9PUGa7AB6Sh/lE:GdmcASeuOtvhmeZKNGsD9pYAoS/lE
Score10/10-
SilverRat
SilverRat is trojan written in C#.
-
Silverrat family
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
-
-
Target
rat/SilverClient - Copy (5).exe
-
Size
43KB
-
MD5
44a5ff2feda2634ae7d9fadc97ebd0a0
-
SHA1
9a763aefd806585e11a36203e575ae142f38bc6c
-
SHA256
5dde6801897a7d76c16e64c0b36a3280fbf5371642a690b85ddd31538c4458d8
-
SHA512
cebc24998c33d7fe8bcdba5183d60c36b3ccaac247d0ee206a73485236453c109dc269522df01d85f58efd3d7a28358221f2139f11356f95f9b8283475f576ca
-
SSDEEP
768:GdmcASe38zJ/Ol6IoZmtPHJm7+avCJ8eEPNRULQD9PUGa7AB6Sh/lE:GdmcASeuOtvhmeZKNGsD9pYAoS/lE
Score10/10-
SilverRat
SilverRat is trojan written in C#.
-
Silverrat family
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
-
-
Target
rat/SilverClient - Copy (6).exe
-
Size
43KB
-
MD5
44a5ff2feda2634ae7d9fadc97ebd0a0
-
SHA1
9a763aefd806585e11a36203e575ae142f38bc6c
-
SHA256
5dde6801897a7d76c16e64c0b36a3280fbf5371642a690b85ddd31538c4458d8
-
SHA512
cebc24998c33d7fe8bcdba5183d60c36b3ccaac247d0ee206a73485236453c109dc269522df01d85f58efd3d7a28358221f2139f11356f95f9b8283475f576ca
-
SSDEEP
768:GdmcASe38zJ/Ol6IoZmtPHJm7+avCJ8eEPNRULQD9PUGa7AB6Sh/lE:GdmcASeuOtvhmeZKNGsD9pYAoS/lE
Score10/10-
SilverRat
SilverRat is trojan written in C#.
-
Silverrat family
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
-
-
Target
rat/SilverClient - Copy (7).exe
-
Size
43KB
-
MD5
44a5ff2feda2634ae7d9fadc97ebd0a0
-
SHA1
9a763aefd806585e11a36203e575ae142f38bc6c
-
SHA256
5dde6801897a7d76c16e64c0b36a3280fbf5371642a690b85ddd31538c4458d8
-
SHA512
cebc24998c33d7fe8bcdba5183d60c36b3ccaac247d0ee206a73485236453c109dc269522df01d85f58efd3d7a28358221f2139f11356f95f9b8283475f576ca
-
SSDEEP
768:GdmcASe38zJ/Ol6IoZmtPHJm7+avCJ8eEPNRULQD9PUGa7AB6Sh/lE:GdmcASeuOtvhmeZKNGsD9pYAoS/lE
Score10/10-
SilverRat
SilverRat is trojan written in C#.
-
Silverrat family
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
-
-
Target
rat/SilverClient - Copy (8).exe
-
Size
43KB
-
MD5
44a5ff2feda2634ae7d9fadc97ebd0a0
-
SHA1
9a763aefd806585e11a36203e575ae142f38bc6c
-
SHA256
5dde6801897a7d76c16e64c0b36a3280fbf5371642a690b85ddd31538c4458d8
-
SHA512
cebc24998c33d7fe8bcdba5183d60c36b3ccaac247d0ee206a73485236453c109dc269522df01d85f58efd3d7a28358221f2139f11356f95f9b8283475f576ca
-
SSDEEP
768:GdmcASe38zJ/Ol6IoZmtPHJm7+avCJ8eEPNRULQD9PUGa7AB6Sh/lE:GdmcASeuOtvhmeZKNGsD9pYAoS/lE
Score10/10-
SilverRat
SilverRat is trojan written in C#.
-
Silverrat family
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
-
-
Target
rat/SilverClient - Copy (9).exe
-
Size
43KB
-
MD5
44a5ff2feda2634ae7d9fadc97ebd0a0
-
SHA1
9a763aefd806585e11a36203e575ae142f38bc6c
-
SHA256
5dde6801897a7d76c16e64c0b36a3280fbf5371642a690b85ddd31538c4458d8
-
SHA512
cebc24998c33d7fe8bcdba5183d60c36b3ccaac247d0ee206a73485236453c109dc269522df01d85f58efd3d7a28358221f2139f11356f95f9b8283475f576ca
-
SSDEEP
768:GdmcASe38zJ/Ol6IoZmtPHJm7+avCJ8eEPNRULQD9PUGa7AB6Sh/lE:GdmcASeuOtvhmeZKNGsD9pYAoS/lE
Score10/10-
SilverRat
SilverRat is trojan written in C#.
-
Silverrat family
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1