Analysis

  • max time kernel
    120s
  • max time network
    128s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20250410-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2204-amd64-20250410-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
  • submitted
    28/04/2025, 16:34

General

  • Target

    1

  • Size

    1.3MB

  • MD5

    708450f590eaf23e869080d09ed14e01

  • SHA1

    88becd1d342cd701852218d633c7fc0d7a952547

  • SHA256

    3f14dc65cc9e35989857dc1ec4bb1179ab05457f2238e917b698edb4c57ae7ce

  • SHA512

    968f87d7fd00bc9f00798a5e74ae992029d596121afd7289782390cd7aeae7f4696b08b34d22a2da5c1cce8ad93e89435ef5731c45f99a0390e7539825de8fd8

  • SSDEEP

    24576:x4k8SfzvMfCv/G4NRRf1NxrCURCFNvGOSQn652wOPn+m4:+k8SbMfCHZXvxrxRCFNeOJagJ4

Malware Config

Signatures

  • Sliver RAT v2 1 IoCs
  • Sliver family
  • SliverRAT

    SliverRAT is an open source Adversary Emulation Framework.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Changes its process name 3 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 2 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /usr/local/sbin/chmod
    PID:1589
  • /usr/local/bin/chmod
    PID:1589
  • /usr/sbin/chmod
    PID:1589
  • /tmp/6COKJYR189
    /tmp/6COKJYR189 " "
    • Enumerates kernel/hardware configuration
    PID:1590

Network

MITRE ATT&CK Enterprise v16

Downloads

  • /tmp/6COKJYR189

    Filesize

    8.1MB

    MD5

    1abe2a03b3fe2a3d4a07e7f509617044

    SHA1

    917d6ac893692f6b3c67736e57be420fb7781e83

    SHA256

    e5ff6673e1bdf6a200f9bf9ae3c7e3096a0657f5b23c5186750712080c57560c

    SHA512

    1d55a460e9b3927538387e8da53c8479c727747271f568a6a83625b06a74ddcd7d1b7fa4a4d9dfc6f10c327ec4e3f374cab6b65bf6bdf60ba6ee1dbcdfb9cfc6