MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ab7bda4b0d3f5d5fd9d9bbf56733fb4162774a464b5acc292cc0a6fa5b37e2f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SilentNet


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash: 2ab7bda4b0d3f5d5fd9d9bbf56733fb4162774a464b5acc292cc0a6fa5b37e2f
SHA3-384 hash: 75a42278b39f1c5228c1710440b2581fbd10ff50593fb2e35e9c0c26af9ac68bb0300244ae993d218d207b7723d03ae9
SHA1 hash: 9653b7a96505b29d4404840e4ceb0760d3293336
MD5 hash: fa7ba124665c50ed72f74bc41ef88adb
humanhash: sink-vegan-hot-london
File name:prestige client 1.21.1.jar
Download: download sample
Signature SilentNet
File size:4'549'835 bytes
First seen:2026-07-14 14:35:03 UTC
Last seen:Never
File type:Java file jar
MIME type:application/zip
ssdeep 98304:4ddTAXqfDmkLoHXGBbaclgUgqsb26z3iK40z5zm+FvQX4QMq76Gz1:4dd8qfD/ac9siy3iI5zmQ4XEk9z1
TLSH T10E260105FD1E1475F103B3754BD12F2DB9BC8290EF0AB1AA2DF188829AF15D68F79216
TrID 77.1% (.JAR) Java Archive (13500/1/2)
22.8% (.ZIP) ZIP compressed archive (4000/1)
Magika jar
Reporter burger
Tags:jar SilentNet

Intelligence


File Origin
# of uploads :
1
# of downloads :
134
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Score:
90.9%
Tags:
shellcode virus java
Verdict:
Malicious
File Type:
jar
First seen:
2026-06-24T03:44:00Z UTC
Last seen:
2026-07-15T12:14:00Z UTC
Hits:
~10
Result
Threat name:
SilentNet
Detection:
malicious
Classification:
troj.spyw.expl.evad
Score:
100 / 100
Signature
Allocates memory in foreign processes
Creates a thread in another existing process (thread injection)
Exploit detected, runtime environment starts unknown processes
Found many strings related to Crypto-Wallets (likely being stolen)
Joe Sandbox ML detected suspicious sample
Multi AV Scanner detection for submitted file
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Rare Remote Thread Creation By Uncommon Source Image
Suricata IDS alerts for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Unusual module load detection (module proxying)
Writes to foreign memory regions
Yara detected SilentNet
Behaviour
Behavior Graph:
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1942309 Sample: prestige client 1.21.1.jar Startdate: 14/07/2026 Architecture: WINDOWS Score: 100 79 pypi.org 2->79 81 files.pythonhosted.org 2->81 83 2 other IPs or domains 2->83 99 Suricata IDS alerts for network traffic 2->99 101 Multi AV Scanner detection for submitted file 2->101 103 Yara detected SilentNet 2->103 105 4 other signatures 2->105 12 cmd.exe 1 2->12         started        signatures3 process4 process5 14 java.exe 5 12->14         started        17 conhost.exe 12->17         started        signatures6 115 Found many strings related to Crypto-Wallets (likely being stolen) 14->115 19 javaw.exe 884 14->19         started        process7 dnsIp8 85 150.136.141.142, 443, 49701, 49718 ORACLE-BMC-31898-OracleCorporationUS United States 19->85 87 198.178.224.35, 443, 49699, 49716 LATITUDE-SH-LatitudeshUS United States 19->87 89 185.178.208.191, 443, 49703, 49713 DDOS-GUARDRU Russia 19->89 47 C:\Users\user\AppData\Local\...\python.exe, PE32+ 19->47 dropped 49 C:\Users\user\AppData\Local\...\winsound.pyd, PE32+ 19->49 dropped 51 C:\Users\user\AppData\...\vcruntime140_1.dll, PE32+ 19->51 dropped 53 623 other files (none is malicious) 19->53 dropped 23 python.exe 213 19->23         started        file9 process10 dnsIp11 91 pypi.org 151.101.0.223, 443, 49722, 49738 FASTLY-FastlyIncUS Canada 23->91 93 151.101.128.175, 443, 49727 FASTLY-FastlyIncUS Canada 23->93 95 2 other IPs or domains 23->95 55 C:\Users\user\AppData\...\tmptw9ugr5n.tmp, PE32+ 23->55 dropped 57 C:\Users\user\AppData\Local\...\winsound.pyd, PE32+ 23->57 dropped 59 C:\Users\user\AppData\...\vcruntime140_1.dll, PE32+ 23->59 dropped 61 30 other files (none is malicious) 23->61 dropped 107 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 23->107 109 Found many strings related to Crypto-Wallets (likely being stolen) 23->109 111 Tries to harvest and steal browser information (history, passwords, etc) 23->111 113 3 other signatures 23->113 28 python.exe 1088 23->28         started        31 pip.exe 23->31         started        33 cmd.exe 1 23->33         started        35 2 other processes 23->35 file12 signatures13 process14 file15 71 C:\Users\user\AppData\Local\...\pip3.exe, PE32+ 28->71 dropped 73 C:\Users\user\AppData\Local\...\pip3.12.exe, PE32+ 28->73 dropped 75 C:\Users\user\AppData\Local\...\pip.exe, PE32+ 28->75 dropped 77 378 other files (none is malicious) 28->77 dropped 37 conhost.exe 28->37         started        39 python.exe 31->39         started        43 conhost.exe 31->43         started        process16 dnsIp17 97 151.101.128.223, 443, 49748 FASTLY-FastlyIncUS Canada 39->97 63 95ad9cf1790ae51303...729f24d.body (copy), Python 39->63 dropped 65 750721289c257d7ef1...c2c8a0f.body (copy), Python 39->65 dropped 67 49583e7972e864a609...ef5e4e7.body (copy), Python 39->67 dropped 69 17 other files (none is malicious) 39->69 dropped 45 cmd.exe 39->45         started        file18 process19
Threat name:
ByteCode-JAVA.Trojan.Generic
Status:
Suspicious
First seen:
2026-06-23 23:44:22 UTC
File Type:
Binary (Archive)
Extracted files:
2136
AV detection:
5 of 36 (13.89%)
Threat level:
  5/5
Result
Malware family:
silentnet
Score:
  10/10
Tags:
family:silentnet stealer
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:TA_Printables_Cluster
Author:frexna
Description:Detects Python RAT, Pyramid, Fernet, zlib/base64 and pythonmemorymodule artifacts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments