sliver | 63b56da83ddf792c7753515af5e5b25816a54e1fc10bcc6693b7028e645df2a6 | Triage

Sharing

General

Target

a.ps1
Size

221B
Sample

250411-np5xdsxq12
MD5

462e9cb080a6b3e3e619eabd6d82b35f
SHA1

564c09784970d488d9f46fa71b2b9487572c9465
SHA256

63b56da83ddf792c7753515af5e5b25816a54e1fc10bcc6693b7028e645df2a6
SHA512

279a6306f9be51d5c0770ab6bebb2e2ec95a1d314caf97f9485700a0d8596d36242da775113798d429aac7a7059012aa0e2f482058e7f6cbfe824696a6adb288

Score

10^/10

sliver backdoor execution trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://signin.clouddomainservice.com/help.exe

Targets

- Target
  
  a.ps1
- Size
  
  221B
- MD5
  
  462e9cb080a6b3e3e619eabd6d82b35f
- SHA1
  
  564c09784970d488d9f46fa71b2b9487572c9465
- SHA256
  
  63b56da83ddf792c7753515af5e5b25816a54e1fc10bcc6693b7028e645df2a6
- SHA512
  
  279a6306f9be51d5c0770ab6bebb2e2ec95a1d314caf97f9485700a0d8596d36242da775113798d429aac7a7059012aa0e2f482058e7f6cbfe824696a6adb288
Score

10^/10

sliver backdoor execution trojan
- Sliver RAT v2
- Sliver family
  sliver
- SliverRAT
  SliverRAT is an open source Adversary Emulation Framework.
  trojan backdoor sliver
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sliverbackdoorexecutiontrojan