Overview

overview

10

Static

static

10

560953939f...d5.exe

windows7-x64

10

560953939f...d5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    560953939f22102629a3b62f3468c5a13c6c25f25b2aeabda76bd0e0cf2d73d5

  • Size

    45KB

  • Sample

    250327-x7pskaxscs

  • MD5

    d3ccb3a1ecb388c950062855a916c827

  • SHA1

    f5d5ec3f4877819d41a2de66748d24347a00d1a1

  • SHA256

    560953939f22102629a3b62f3468c5a13c6c25f25b2aeabda76bd0e0cf2d73d5

  • SHA512

    0d67ad4f46ece4cdb2273255f4d614bcce89ca3758c96bd45c2a1d34fdd04c8214d0c3a97e79fa3acc47571af53fab7036789eaab563fbb3216896e53cffb9af

  • SSDEEP

    768:X6sg/BD9qVKOXnXhEk75rrmt1E+cXjA7RULQv9S8Q9hD1B6SEJvrl/xU:X6sgJD9q8U5rCwjA7Gsv9eF1oVJ5/xU

Score
10/10
silverratdefense_evasionexecutiontrojan

Malware Config

Extracted

Family

silverrat

Version

1.0.0.0

C2

127.0.0.1:7777

Mutex

SilverMutex_rRFGGPWbDL

Attributes
  • certificate

    MIIE4DCCAsigAwIBAgIQAKQYOfZd86J2BfNjhG4CWTANBgkqhkiG9w0BAQ0FADARMQ8wDQYDVQQDDAZTaWx2ZXIwIBcNMjIwODI2MTkwMTA4WhgPOTk5OTEyMzEyMzU5NTlaMBExDzANBgNVBAMMBlNpbHZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPbpOWfhZTuOfEaqqImTTe5dNHAAry7/mf00DCoI4lPZfypsc1tYraxSPFeayGu09a3qdhkWKSVIgwnu2n4GLQNOCY9fh/1oyrX4Iir3BIkYeU7pKTWgjhUlAmFAUAaNr0ca23Ku2kN79jrDzRznOgE2DEW4p7OiM4Mb097ma9lzu7MyssHbY4VCteAhj9HZiplqBxaC1vXDmzxqG+gUZ1aLcyG7ssdkOjtWVBgT3gD/gOl7KchRzCFB1egDC/vD9WZCG35U3Ngi+IkTznoXR1R06cq4v0UnGjE37R2vcB21qb0ZYNiZJXZHv5i9+R7xoPeNoLda5PqnfGGbhPvNEdD56mdcOKlzGIuyemLkUo8texdpiBWKbtc3JZf5VsKxjJtHDK3xW6gDGI+PAirzGkFPmwcf8WgsblvzLg8OZpVxVs8rmKWoi6qIrf4CXnyl73J4lgzW+ir7PjANAQXwLNGdNnvdMeLeo/muGQPdeNpr6OczGGnkWA4qniHeL51/Gx0a8A+jP9zKiyu+qHcsP2IotgWDH/KlzJVr7IAum+DV92uV8poTDcUNcHaKvhHA65KmEtsvLbK6lFZcAMC0eWC0VgpW44T1/16rOaaky5mP6rTMc3nSyOl/lU/XgAgGGQPe22bRLWYzd3WVeEpI1WnHYXS+tL9IOe4kJP+pYsWDAgMBAAGjMjAwMB0GA1UdDgQWBBR32TJj2LeUx9L+RcSOvmFV6VJq6TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQA+qucSOi7ov7Q1FmAjMf925KuvKuCNwJiu3Sqo3FDGVAD1fAwAi2FdyuXEO2VIUPZCkalFcBna5rqyrc6tcS4T0IL2TsYLrsuGir7PWP7CAcft1urYS1HpNpHxeH/nixwnQaQs/MuRmdm2TeCj6G21P5BTW55U5y9sMPSYwhbD2N7XLgnSQd5Y+80TR7FUiye/k3D37fI9PRhSQGbfYFRQQTmxj84dPTnY5CVgaY9d8fNiFZkyjaZdf+mibK0xQTf+xLVVj+toDNCkc1F462TdmFhCrHd4PoMo0yLDNv4SC6NLRq4haWDRtORw6gd5GYIoCQ3m3oQvNlNxXhhIjsOyxkxOrkCD0c+57PIc7EmKXieJa/XxnkcIVxO8dvTY/vijuz/VaZYl/lPu9ckuqgJ1wRvvsHl70Trv4Mn4X5uCIqRFFlK/mSOZbLIguGkDN3QIZABvej89vlZMhrVfZOG2oawe23FskHjv7thF/WzOXtWw6RUVC1V+hCwbuxFNUjZmmOTUwdXHnus7I2AuiG6Jz1+y9aYiXBcVTdSljxjHRRmiRaAnY94h58vN8NJ4hKL2GVCo6LxkpuplmcntJN0cKraKTPxSXcCRrqWxX9qoIbfvBcUU4vH1jPJCCLNCuDyD3lgQkpPVvq0EMU1a2HFGgMEQMjpYpb38rcadDhT5ag==

  • decrypted_key

    -|S.S.S|-

  • discord

    https://discordapp.com/api/webhooks/1354344972534550572/iYaCJzbXkLb3YT6yUhx_-NiWb1GadYyNw4eCuscw0WHsCZ3xCxErc2s6bSsEQ3LUa0nl

  • key

    yy6zDjAUmbB09pKvo5Hhug==

  • key_x509

    eWhTQVpxY2hiWVREZmZUVUdEckliYXlSdE9TTGNV

  • payload_url

    https://g.top4top.io/p_2522c7w8u1.png

  • reconnect_delay

    4

  • server_signature

    foqVuclxxbucQCJGnGnaPowuPSeeqUyaq3kwEhFvPGfEFrLBaWuCrPNaSC5A2VxPyGC1ViGOvKfX/6RtUM7AOg/J1nZGpVxg5PgHwe1zSRibEFxY7b5UvpoZfTXQw0Osf+GoKgaxo6HveZG5KL9AH1Zf/dn2Wu9VtgcAz8Qrl4LDi4e9AuC6/OKIJ4veKB5XW98voKPRa7tAULSIXi96R5h7ZZlxEU7rox+VXGYfkjIOMlsSOXhvuRptvyl1pfZ0XJsaoMQcot6rTrqQSNDBa0DJZ1VYE4nhWjjKnTmappiVpm+g08Z7NWW79TEC80ZHZQ9TX6jtMtPDN5Wn2juA7L84Mhh03GZrV53+OWaFyf4LhpCWiGPrKzUm+r2FtCmdfkG96emPLLqTR78AGk2DdM3V4ZSq+HTHhchqhdUe8EQ72UjGP3usUYzR1BBbRkeKvE6VwPhoj5FTCM1WBPqNlw2axfwYVMUJZnB0aWRWbzslMlJ4OKPxu5sdha2F5/dojN7O7hXJs8Pzt3ChzNlocnB2RgmQDWywT9WCpH0/uY2uc7kPXNm0RhtpyVLtsCsBoJe40TumlL6UNAtbtAYi/I2/sCJYQJKgNGJpQZAGUfDORFb0G199igd3Re4cpUOwNHC3kw12fQadwJdLrhW8T3DwtAFWj4+AgORs9Y9qhnI=

Targets

    • Target

      560953939f22102629a3b62f3468c5a13c6c25f25b2aeabda76bd0e0cf2d73d5

    • Size

      45KB

    • MD5

      d3ccb3a1ecb388c950062855a916c827

    • SHA1

      f5d5ec3f4877819d41a2de66748d24347a00d1a1

    • SHA256

      560953939f22102629a3b62f3468c5a13c6c25f25b2aeabda76bd0e0cf2d73d5

    • SHA512

      0d67ad4f46ece4cdb2273255f4d614bcce89ca3758c96bd45c2a1d34fdd04c8214d0c3a97e79fa3acc47571af53fab7036789eaab563fbb3216896e53cffb9af

    • SSDEEP

      768:X6sg/BD9qVKOXnXhEk75rrmt1E+cXjA7RULQv9S8Q9hD1B6SEJvrl/xU:X6sgJD9q8U5rCwjA7Gsv9eF1oVJ5/xU

    Score
    10/10
    silverratdefense_evasiontrojanexecution

    • SilverRat

      SilverRat is trojan written in C#.

      trojansilverrat

    • Silverrat family

      silverrat

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      defense_evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.