MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df8485aad922f0e8858f691f9b0b116c8ce1d74b1f0e7cb7128e294e879bbb1c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Sliver

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	df8485aad922f0e8858f691f9b0b116c8ce1d74b1f0e7cb7128e294e879bbb1c
SHA3-384 hash:	7ac4bb93be27a055824bef50b6120424a26f2267a19f330a488c3dc17acbccf924fa9bd70d412da0458b04089dc0fc6e
SHA1 hash:	1c9c312f710b243ce8e512478a8f64cf7184272d
MD5 hash:	bd84bdff727b82364685f4179170d81e
humanhash:	nebraska-monkey-comet-equal
File name:	psaux.exe
Download:	download sample
Signature	Sliver Create hunting rule
File size:	15'861'760 bytes
First seen:	2023-12-24 00:00:17 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f0ea7b7844bbc5bfa9bb32efdcea957c (58 x Sliver, 17 x CobaltStrike, 12 x AsyncRAT)
ssdeep	98304:zKaYjw5U5R5BHH6/gffAZMmuYC5es4rw2iSqsw9OE7ONkozhkrfHzF4EFEO:+VBHa/gf4ZMxYSes4rw2irsw9ra2
Threatray	10 similar samples on MalwareBazaar
TLSH	T156F6F903F8D51199C8E9D1B489214172FA71785C1BB973CF6BA1B7B42B32BE04E7A790
TrID	48.7% (.EXE) Win64 Executable (generic) (10523/12/4) 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 9.3% (.EXE) OS/2 Executable (generic) (2029/13) 9.2% (.EXE) Generic Win/DOS Executable (2002/3) 9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter	adm1n_usa32
Tags:	exe Silver sliver

Intelligence

File Origin

# of uploads :

1

# of downloads :

396

Origin country :

RO

Vendor Threat Intelligence

Detection(s):

Win.File.Sliver-9942542-0

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-vm greyware sliver sliver

Link:

https://www.filescan.io/uploads/658774c1b855eb3693f0fbf2/reports/7f373179-7c79-49df-a22a-768d43ac0cd3/overview

Verdict:

Malicious

Labled as:

DeepScan:Generic.Sliver.Marte.E

Link:

https://www.hybrid-analysis.com/sample/df8485aad922f0e8858f691f9b0b116c8ce1d74b1f0e7cb7128e294e879bbb1c

Result

Verdict:

MALICIOUS

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/ebe019ef-ddb4-4bed-b2fd-bf89011d3d1e

Result

Threat name:

Sliver

Detection:

malicious

Classification:

troj.evad

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/1366561

Signature

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Potentially malicious time measurement code found

Yara detected Sliver Implants

Behaviour

Behavior Graph:

Score:

98%

Verdict:

Malware

File Type:

PE

Link:

https://malprob.io/report/df8485aad922f0e8858f691f9b0b116c8ce1d74b1f0e7cb7128e294e879bbb1c

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/df8485aad922f0e8858f691f9b0b116c8ce1d74b1f0e7cb7128e294e879bbb1c/

Threat name:

Win64.Backdoor.SliverMarte

Status:

Malicious

First seen:

2023-11-14 17:46:05 UTC

File Type:

PE+ (Exe)

AV detection:

19 of 37 (51.35%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=36cilkwzelyorbmpnepzwcyrnsgodv2ld4hhznysryuu5b43xmoa._file

Verdict:

malicious

Similar samples:

1aecadf489a6dd7a3a6e5dfda9425673a9d04d38a5cb6b0b8f961536c11237ed

2f9b3c29abd674ed8c3411268c35e96b4f5a30fabe1ae2e8765a82291db8f921

688cae52f548ddba0e77ba67a08b76cccedd19fd0d841d55902d94130253b909

df8485aad922f0e8858f691f9b0b116c8ce1d74b1f0e7cb7128e294e879bbb1c

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/231224-aawhhsbbgj/

Unpacked files

SH256 hash:

df8485aad922f0e8858f691f9b0b116c8ce1d74b1f0e7cb7128e294e879bbb1c

MD5 hash:

bd84bdff727b82364685f4179170d81e

SHA1 hash:

1c9c312f710b243ce8e512478a8f64cf7184272d

Detections:

Sliver

win_sliver_w0

INDICATOR_TOOL_Sliver

Sliver_Implant_32bit

Sliver_Implant_32bit

Link:

https://www.unpac.me/results/3c40e3b6-a24a-40f8-98ab-11b3ee9e34ca/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/df8485aad922f0e8858f691f9b0b116c8ce1d74b1f0e7cb7128e294e879bbb1c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe df8485aad922f0e8858f691f9b0b116c8ce1d74b1f0e7cb7128e294e879bbb1c

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2740527/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample