Overview

overview

10

Static

static

7

Silver Rat.7z

windows10-ltsc_2021-x64

1

Silver Rat.7z

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Silver Rat.7z

  • Size

    10.5MB

  • Sample

    250314-yjt8ta1nt5

  • MD5

    94306cf12778c76e530c99a79ffbf155

  • SHA1

    78ff9ae383665885d4c484c225e8db093f379273

  • SHA256

    3fce4b5d26887b84f5f9081fb4b26fc8d8a28bd4e44cc5b7d4f94f1407d4a1e6

  • SHA512

    91a4bec7c0cf86c935fa182f1bed613389fa6250675e31d262e2ae2e90b61b4d15f0045c9562615c43bba8e057a7bcd52d98ec06109f935d7e8dce02c0d3b734

  • SSDEEP

    196608:cEqZUYyeiDxFBVwSfSjR4FaVrVqtnBET7erfudD46RqhzXog4pVFArDdUkL3tmmU:cEqN0DzjfiVBqV+ves4aAog4KdUkLFB6

Score
10/10
silverratagilenetdefense_evasiondiscoveryevasionexecutionpersistenceprivilege_escalationtrojan

Malware Config

Extracted

Family

silverrat

Version

1.0.0.0

C2

127.0.0.1:4782

Mutex

SilverMutex_DnlFxUAZJS

Attributes
  • certificate

    MIIE4DCCAsigAwIBAgIQAKQYOfZd86J2BfNjhG4CWTANBgkqhkiG9w0BAQ0FADARMQ8wDQYDVQQDDAZTaWx2ZXIwIBcNMjIwODI2MTkwMTA4WhgPOTk5OTEyMzEyMzU5NTlaMBExDzANBgNVBAMMBlNpbHZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPbpOWfhZTuOfEaqqImTTe5dNHAAry7/mf00DCoI4lPZfypsc1tYraxSPFeayGu09a3qdhkWKSVIgwnu2n4GLQNOCY9fh/1oyrX4Iir3BIkYeU7pKTWgjhUlAmFAUAaNr0ca23Ku2kN79jrDzRznOgE2DEW4p7OiM4Mb097ma9lzu7MyssHbY4VCteAhj9HZiplqBxaC1vXDmzxqG+gUZ1aLcyG7ssdkOjtWVBgT3gD/gOl7KchRzCFB1egDC/vD9WZCG35U3Ngi+IkTznoXR1R06cq4v0UnGjE37R2vcB21qb0ZYNiZJXZHv5i9+R7xoPeNoLda5PqnfGGbhPvNEdD56mdcOKlzGIuyemLkUo8texdpiBWKbtc3JZf5VsKxjJtHDK3xW6gDGI+PAirzGkFPmwcf8WgsblvzLg8OZpVxVs8rmKWoi6qIrf4CXnyl73J4lgzW+ir7PjANAQXwLNGdNnvdMeLeo/muGQPdeNpr6OczGGnkWA4qniHeL51/Gx0a8A+jP9zKiyu+qHcsP2IotgWDH/KlzJVr7IAum+DV92uV8poTDcUNcHaKvhHA65KmEtsvLbK6lFZcAMC0eWC0VgpW44T1/16rOaaky5mP6rTMc3nSyOl/lU/XgAgGGQPe22bRLWYzd3WVeEpI1WnHYXS+tL9IOe4kJP+pYsWDAgMBAAGjMjAwMB0GA1UdDgQWBBR32TJj2LeUx9L+RcSOvmFV6VJq6TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQA+qucSOi7ov7Q1FmAjMf925KuvKuCNwJiu3Sqo3FDGVAD1fAwAi2FdyuXEO2VIUPZCkalFcBna5rqyrc6tcS4T0IL2TsYLrsuGir7PWP7CAcft1urYS1HpNpHxeH/nixwnQaQs/MuRmdm2TeCj6G21P5BTW55U5y9sMPSYwhbD2N7XLgnSQd5Y+80TR7FUiye/k3D37fI9PRhSQGbfYFRQQTmxj84dPTnY5CVgaY9d8fNiFZkyjaZdf+mibK0xQTf+xLVVj+toDNCkc1F462TdmFhCrHd4PoMo0yLDNv4SC6NLRq4haWDRtORw6gd5GYIoCQ3m3oQvNlNxXhhIjsOyxkxOrkCD0c+57PIc7EmKXieJa/XxnkcIVxO8dvTY/vijuz/VaZYl/lPu9ckuqgJ1wRvvsHl70Trv4Mn4X5uCIqRFFlK/mSOZbLIguGkDN3QIZABvej89vlZMhrVfZOG2oawe23FskHjv7thF/WzOXtWw6RUVC1V+hCwbuxFNUjZmmOTUwdXHnus7I2AuiG6Jz1+y9aYiXBcVTdSljxjHRRmiRaAnY94h58vN8NJ4hKL2GVCo6LxkpuplmcntJN0cKraKTPxSXcCRrqWxX9qoIbfvBcUU4vH1jPJCCLNCuDyD3lgQkpPVvq0EMU1a2HFGgMEQMjpYpb38rcadDhT5ag==

  • decrypted_key

    -|S.S.S|-

  • key

    yy6zDjAUmbB09pKvo5Hhug==

  • key_x509

    c0V0WlFEZ0xZYlNlSGZLUG1qWnB2aG1IZ3JTUkFP

  • reconnect_delay

    4

  • server_signature

    IqDF2t0tcUeJ45OhGxBEabVCTR+SMe9fy0D2607QNUJafsLMzxQt+lR3DrLHF4kvM18f91T2hryrTJ3/qULM1BIIFaJPuj7jN5fYtRcb1PvD/PN5+O4vIFRPXVNYmQl6sXQQ57yM764zbvOFZAl+zatj35TPt90FnnMOSdB1HTDbxN1bBa1lYQfR9DAWl32/lJl4Sfou/ipWItEgzogtu1Cpt+FLTl5Y2Iu+uqNyra6/hnrh0NvzQaUiWATvdXv2kodONZLOHgtC4WVJy89ISm6QogqCtif0geO+pXcLx6eaZvCyNv8VuKbPV4TlJvuI6bJEYOE5UDCWCsAevqzea6sAHDz09qSNtApThog6jZ6yP4j46athEl76hkcVznFNqzyjHUdXHzWZe1DhaAlZvXhz3DIdNlwZz2lasWBPbSrJUajcq4nhsp6Q4+2Uwhl/eEGeMqECPq7B3yAUCp7wKB3IYSlkEZsFo8TRiJXsEzzv4N7cw9ueeRnWSmaj4sKVB4F955rG3HPYrbZvkviNp/Jm385af6Nyp7q5ZzfD55n/jFcJXZdsuVTXI7FZZh2HalQF+cIQVX9GirHYFZZ3FPxSYZx1vqHbYvmorSkqO0aMu2KBmiJbfUaBjMpLzSd81NXbqglhUecv5xbZHP/366yhuxmhLsOXc3gvw11imhw=

Targets

    • Target

      Silver Rat.7z

    • Size

      10.5MB

    • MD5

      94306cf12778c76e530c99a79ffbf155

    • SHA1

      78ff9ae383665885d4c484c225e8db093f379273

    • SHA256

      3fce4b5d26887b84f5f9081fb4b26fc8d8a28bd4e44cc5b7d4f94f1407d4a1e6

    • SHA512

      91a4bec7c0cf86c935fa182f1bed613389fa6250675e31d262e2ae2e90b61b4d15f0045c9562615c43bba8e057a7bcd52d98ec06109f935d7e8dce02c0d3b734

    • SSDEEP

      196608:cEqZUYyeiDxFBVwSfSjR4FaVrVqtnBET7erfudD46RqhzXog4pVFArDdUkL3tmmU:cEqN0DzjfiVBqV+ves4aAog4KdUkLFB6

    Score
    10/10
    silverratagilenetdefense_evasiondiscoveryevasionexecutionpersistenceprivilege_escalationtrojan

    • Modifies Windows Defender DisableAntiSpyware settings

      evasiontrojan

    • Modifies Windows Defender Real-time Protection settings

      defense_evasiontrojan

    • SilverRat

      SilverRat is trojan written in C#.

      trojansilverrat

    • Silverrat family

      silverrat

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

2
T1562

Disable or Modify Tools

2
T1562.001

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks