MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 41704dfabff024f09a49ed5289365d380340885e58648f0bd894acf9baac421c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Sliver


Vendor detections: 11



SHA256 hash: 41704dfabff024f09a49ed5289365d380340885e58648f0bd894acf9baac421c
SHA3-384 hash: 0e822f8abd39c0a2beed7e3582a714a04846d6c061e4be61b3fccfea622d2c62130077243154af914f901e363fc213a4
SHA1 hash: 69e1bd6a97e29c90f09400135264a50e214df352
MD5 hash: a118da2d2c0046d67f6a16fdc46340dc
humanhash: butter-queen-crazy-fruit
File name: upx_beacon.exe
Signature: Sliver
File size: 4'179'456 bytes
First seen: 2026-03-26 09:26:05 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 6ed4f5f04d62b18d96b26d6db7c18840 (394 x SalatStealer, 78 x BitRAT, 42 x RedLineStealer)
ssdeep 98304:J5HNEmY1+aahz4e9JeOiw0kaeVyVdKaOijIHbvhI9z:xEx1+/hz4MViJ1dr5IH6
TLSH T1F2163370B41BF071EB29BCB9C90EAE4CBCAA1F80DC0014FA44B5B92BB96F65950571CD
TrID 63.5% (.EXE) UPX compressed Win64 Executable (70117/5/12)
24.5% (.EXE) UPX compressed Win32 Executable (27066/9/6)
4.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.8% (.ICL) Windows Icons Library (generic) (2059/9)
1.8% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter juroots
Tags: exe UPX
File size (compressed): 4'179'456 bytes
File size (de-compressed): 13'839'360 bytes
Format: win64/pe
Unpacked file: 9681cad5e4a02106cb8cc3e86cbcebda772bf4005a36bc6bafc947c1a8637dd9

Intelligence


File Origin
# of uploads: 1
# of downloads: 123
Origin country: US
Vendor Threat Intelligence
Malware configuration found for:
PEPacker
Details
PEPacker
a UPX version number and an unpacked binary
Malware family: n/a
ID: 1
File name: upx_beacon.exe
Verdict: No threats detected
Analysis date: 2026-03-26 09:27:46 UTC
Tags: golang upx

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 96.5%
Tags: virus
Result
Verdict: Clean
Maliciousness:

Behaviour
Connection attempt
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug anti-vm crypto obfuscated packed packed redcap sliver unsafe upx
Verdict: Malicious
File Type: exe x64
First seen: 2026-03-18T02:52:00Z UTC
Last seen: 2026-03-18T05:00:00Z UTC
Hits: ~10
Threat name: Win64.Trojan.SliverMarte
Status: Malicious
First seen: 2026-03-18 03:11:45 UTC
File Type: PE+ (Exe)
Extracted files: 1
AV detection: 19 of 36 (52.78%)
Threat level: 5/5
Verdict: suspicious
Label(s):
Similar samples:
Result
Malware family: n/a
Score: 5/10
Tags: upx
Behaviour
UPX packed file
Unpacked files
SHA256 hash:
41704dfabff024f09a49ed5289365d380340885e58648f0bd894acf9baac421c
MD5 hash:
a118da2d2c0046d67f6a16fdc46340dc
SHA1 hash:
69e1bd6a97e29c90f09400135264a50e214df352
SHA256 hash:
9681cad5e4a02106cb8cc3e86cbcebda772bf4005a36bc6bafc947c1a8637dd9
MD5 hash:
87f881a93f999ff39b686fb7b934fbbe
SHA1 hash:
a55862f64d931cc4843d4cbedb625de5436ce70b
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: suspicious_PEs
Author: txc
Description: This rule detected suspicious PE files, based on high entropy and a low amount of imported DLLs. This behaviour indicates packed files or files that hide their true intention.
Rule name: upx_largefile
Author: k3nr9

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Sliver

Executable exe 41704dfabff024f09a49ed5289365d380340885e58648f0bd894acf9baac421c

(this sample)
