Overview

overview

10

Static

static

3

rc (2) (1).exe

windows10-2004-x64

10

rc (2) (1).exe

windows10-ltsc_2021-x64

10

rc (2) (1).exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    rc (2) (1).exe

  • Size

    227KB

  • Sample

    250323-fnxwdstpy7

  • MD5

    3ebfd2e63dbdb727badcaee9f86c52bb

  • SHA1

    006c520203e7610d9fed7874c803286c3b81402f

  • SHA256

    b0c60f1512bb002f4f782c9fda6c42dded1e5f04c467d1b526205a96d602fb9f

  • SHA512

    483eb63069156a2c5eb004a9602c9a7aa4d99ba714e5f7a7787d8af401ee5bbc5a30deb90196953a61fd61cb50584f8f9b590a9c91364bba6688248c30ca013f

  • SSDEEP

    3072:Emooj7nGTEA3uUq4uEHBAnpK37nX78c0BgHQ7Unpr74tyJhd6KtAn6m7TcSs2oWh:tHGvb8RUp1v+P7ts2oWP

Score
10/10
silverratexecutiontrojan

Malware Config

Extracted

Family

silverrat

Version

1.0.0.0

C2

hai1723.duckdns.org:7560

Mutex

SilverMutex_NACcsErPbz

Attributes
  • certificate

    MIIE4DCCAsigAwIBAgIQAKQYOfZd86J2BfNjhG4CWTANBgkqhkiG9w0BAQ0FADARMQ8wDQYDVQQDDAZTaWx2ZXIwIBcNMjIwODI2MTkwMTA4WhgPOTk5OTEyMzEyMzU5NTlaMBExDzANBgNVBAMMBlNpbHZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPbpOWfhZTuOfEaqqImTTe5dNHAAry7/mf00DCoI4lPZfypsc1tYraxSPFeayGu09a3qdhkWKSVIgwnu2n4GLQNOCY9fh/1oyrX4Iir3BIkYeU7pKTWgjhUlAmFAUAaNr0ca23Ku2kN79jrDzRznOgE2DEW4p7OiM4Mb097ma9lzu7MyssHbY4VCteAhj9HZiplqBxaC1vXDmzxqG+gUZ1aLcyG7ssdkOjtWVBgT3gD/gOl7KchRzCFB1egDC/vD9WZCG35U3Ngi+IkTznoXR1R06cq4v0UnGjE37R2vcB21qb0ZYNiZJXZHv5i9+R7xoPeNoLda5PqnfGGbhPvNEdD56mdcOKlzGIuyemLkUo8texdpiBWKbtc3JZf5VsKxjJtHDK3xW6gDGI+PAirzGkFPmwcf8WgsblvzLg8OZpVxVs8rmKWoi6qIrf4CXnyl73J4lgzW+ir7PjANAQXwLNGdNnvdMeLeo/muGQPdeNpr6OczGGnkWA4qniHeL51/Gx0a8A+jP9zKiyu+qHcsP2IotgWDH/KlzJVr7IAum+DV92uV8poTDcUNcHaKvhHA65KmEtsvLbK6lFZcAMC0eWC0VgpW44T1/16rOaaky5mP6rTMc3nSyOl/lU/XgAgGGQPe22bRLWYzd3WVeEpI1WnHYXS+tL9IOe4kJP+pYsWDAgMBAAGjMjAwMB0GA1UdDgQWBBR32TJj2LeUx9L+RcSOvmFV6VJq6TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQA+qucSOi7ov7Q1FmAjMf925KuvKuCNwJiu3Sqo3FDGVAD1fAwAi2FdyuXEO2VIUPZCkalFcBna5rqyrc6tcS4T0IL2TsYLrsuGir7PWP7CAcft1urYS1HpNpHxeH/nixwnQaQs/MuRmdm2TeCj6G21P5BTW55U5y9sMPSYwhbD2N7XLgnSQd5Y+80TR7FUiye/k3D37fI9PRhSQGbfYFRQQTmxj84dPTnY5CVgaY9d8fNiFZkyjaZdf+mibK0xQTf+xLVVj+toDNCkc1F462TdmFhCrHd4PoMo0yLDNv4SC6NLRq4haWDRtORw6gd5GYIoCQ3m3oQvNlNxXhhIjsOyxkxOrkCD0c+57PIc7EmKXieJa/XxnkcIVxO8dvTY/vijuz/VaZYl/lPu9ckuqgJ1wRvvsHl70Trv4Mn4X5uCIqRFFlK/mSOZbLIguGkDN3QIZABvej89vlZMhrVfZOG2oawe23FskHjv7thF/WzOXtWw6RUVC1V+hCwbuxFNUjZmmOTUwdXHnus7I2AuiG6Jz1+y9aYiXBcVTdSljxjHRRmiRaAnY94h58vN8NJ4hKL2GVCo6LxkpuplmcntJN0cKraKTPxSXcCRrqWxX9qoIbfvBcUU4vH1jPJCCLNCuDyD3lgQkpPVvq0EMU1a2HFGgMEQMjpYpb38rcadDhT5ag==

  • decrypted_key

    -|S.S.S|-

  • key

    yy6zDjAUmbB09pKvo5Hhug==

  • key_x509

    T293bGdva2RNV1NSTkplemxKVmdNRERIZnBSdW55

  • payload_url

    https://g.top4top.io/p_2522c7w8u1.png

  • reconnect_delay

    1

  • server_signature

    uVfwBVROYvLse9BydYbpQ4qEIVRJZOuJw/m0UevQE77Fbyux2jnKja3rYS7yvdy90NVgej0vrnPprej3ckCtF4k3kAXSWQb6yfcX+O68Pw+jJJ+SR4CFWxRzF+Xt8AQGEg40OggwwUql7o8cgfcf+lVxKvN9+u80Xk/07Ce0lbiUd9wrm+pF7GX24mxN85OsaD8YyZ3PdK3pUeLWrwKuf00WQ5i0XxdDd+Svvv2TG87l+ydSnpvg+vFc1VwrH0zHwORlX4yxNzbfJW4o9xw5SoLdWKN4R+H3NsqTFvMsPS1jqUeh0kaGhEYQsbXiKMfRJm7A1tF0JgANaE2rCGtA8jqyyhUq5E5qCWlHpKjMurzX4pD8/OVSpUDnMs0Sgpqrk+Jio6cFbJclsblS1ozLpUUt5xpmM8wG4g0FvYXQ3PofyMAOjkGHTkhf+CavcCnHOfvWuZyTeMtwg69pisv71eYNsNE701AvMgkPEvNkB1217ktRaQnYb8tNvfRk2zqyYSj+UwnkVRpeyT8V760HwISUs6rF0G+jbQDFquFBDoISkHMInpgORs0skC/ByxPBVGYAdp9EkkBozf180f+L5gcdgiIf5CZBH3yXQQAUPdkpwPgNwdor2/rDMUhthuSIRPnfIMbJyduFOUf/PCFdexiHkJbA9GBDLbOf9uys2cs=

Targets

    • Target

      rc (2) (1).exe

    • Size

      227KB

    • MD5

      3ebfd2e63dbdb727badcaee9f86c52bb

    • SHA1

      006c520203e7610d9fed7874c803286c3b81402f

    • SHA256

      b0c60f1512bb002f4f782c9fda6c42dded1e5f04c467d1b526205a96d602fb9f

    • SHA512

      483eb63069156a2c5eb004a9602c9a7aa4d99ba714e5f7a7787d8af401ee5bbc5a30deb90196953a61fd61cb50584f8f9b590a9c91364bba6688248c30ca013f

    • SSDEEP

      3072:Emooj7nGTEA3uUq4uEHBAnpK37nX78c0BgHQ7Unpr74tyJhd6KtAn6m7TcSs2oWh:tHGvb8RUp1v+P7ts2oWP

    Score
    10/10
    silverratexecutiontrojan

    • SilverRat

      SilverRat is trojan written in C#.

      trojansilverrat

    • Silverrat family

      silverrat

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks