General

  • Target: SilverRat.V1.5.Re.Lab.zip
  • Size: 6.0MB
  • Sample: 240701-l63ggsvgnd
  • MD5: 93d60643736dc238f439aeca41f6422c
  • SHA1: 604968d55833a90ec8deca396acb4e6e1439cdbc
  • SHA256: ebb23e2966d195bce807cbe2d06058402e010bc919d76819847644673bfdbce2
  • SHA512: 7d664a63f6c93d88c7227fa9efdd8e2e04099dd9da96ff7047ee943f43378ec68775f3236bc8be356444e2ce8d4473a9e5ee6dd157663cfc27f83865731458d0
  • SSDEEP: 98304:4LuT1zbeIEvcxlxec6gMPuIxsMZsoW4dqHiKt+W3Z9l2EisWPDMy:4LuT1zqKw/dsz4dYtPV2EcDMy

Malware Config

Targets

    • Target: SilverRat V1.5 [Re Lab]/Fixer.exe
    • Size: 45KB
    • MD5: 545d64cc91e4da6339a70d54a2443c5d
    • SHA1: f03344ab824c7cf0f73dcc86aa34cab36e2e54e7
    • SHA256: 04109cb3426408945bea79e8e355285fb5bf93224b5b2775a5f6ff6c1e992b5f
    • SHA512: 733154a7f76840fad3ead2af149cf708807878ef3f08c62232ee3cdc0b7e6a4b4dc338103569daf9f755a6549475df15b34b7f223929348001d4086e83371681
    • SSDEEP: 768:OarX4D9pmZGOXnXhEk75rVeZtxbuRULQj9SEQf9B6SbuDFvr1/xf:OarID9pVU5rVe3xCGsj9O9oQ2Fx/xf

    Score: 8/10

    • Sets file to hidden
      Modifies file attributes to stop it showing in Explorer etc.
    • Executes dropped EXE
    • Adds Run key to start application
    • Legitimate hosting services abused for malware hosting/C2

    • Target: SilverRat V1.5 [Re Lab]/SilverRat.exe
    • Size: 45KB
    • MD5: 545d64cc91e4da6339a70d54a2443c5d
    • SHA1: f03344ab824c7cf0f73dcc86aa34cab36e2e54e7
    • SHA256: 04109cb3426408945bea79e8e355285fb5bf93224b5b2775a5f6ff6c1e992b5f
    • SHA512: 733154a7f76840fad3ead2af149cf708807878ef3f08c62232ee3cdc0b7e6a4b4dc338103569daf9f755a6549475df15b34b7f223929348001d4086e83371681
    • SSDEEP: 768:OarX4D9pmZGOXnXhEk75rVeZtxbuRULQj9SEQf9B6SbuDFvr1/xf:OarID9pVU5rVe3xCGsj9O9oQ2Fx/xf

    Score: 8/10

    • Sets file to hidden
      Modifies file attributes to stop it showing in Explorer etc.
    • Executes dropped EXE
    • Adds Run key to start application
    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                 Technique / Sub-technique                 Count  ID
---------------------  ----------------------------------------  -----  ---------
Execution              Scheduled Task/Job                        2      T1053
                         Scheduled Task                          2      T1053.005
Persistence            Boot or Logon Autostart Execution         2      T1547
                         Registry Run Keys / Startup Folder      2      T1547.001
                       Scheduled Task/Job                        2      T1053
                         Scheduled Task                          2      T1053.005
Privilege Escalation   Boot or Logon Autostart Execution         2      T1547
                         Registry Run Keys / Startup Folder      2      T1547.001
                       Scheduled Task/Job                        2      T1053
                         Scheduled Task                          2      T1053.005
Defense Evasion        Hide Artifacts                            4      T1564
                         Hidden Files and Directories            4      T1564.001
                       Modify Registry                           2      T1112
Discovery              System Information Discovery              2      T1082
                       Query Registry                            2      T1012
Command and Control    Web Service                               2      T1102

Tasks