pysilon | e4852aad5c54e48f680657770df676ed4e2deddf18e065738c22408afcd8f9ad | Triage

Submit
Reports

Overview

overview

Static

static

A92.exe

windows7-x64

7

A92.exe

windows10-2004-x64

9

Resubmissions

09-10-2023 19:45

231009-ygnm9aaa82 10

09-10-2023 19:13

231009-xxdmjsfg3w 10

09-10-2023 19:09

231009-xvaswahg77 10

08-10-2023 22:57

231008-2xravsah34 10

08-10-2023 17:47

231008-wc2yzahc59 10

08-10-2023 17:43

231008-wajplshc46 10

08-10-2023 17:24

231008-vyxqpshb37 10

08-10-2023 15:14

231008-smjnlafg83 10

Sharing

General

Target

A92.exe
Size

75.8MB
Sample

231009-xxdmjsfg3w
MD5

4fb2d72821abf6062c52dd5c647e86bb
SHA1

91af4276217071500af264d4c0d7622025f4951c
SHA256

e4852aad5c54e48f680657770df676ed4e2deddf18e065738c22408afcd8f9ad
SHA512

fa970bff2cb5cc6e8fceb80607b89447bbd929886e3495c180ddc10a38a585d54f89f2c06556b0f1d77dd0aae80f88f6398d9043710e540726f68513e3bb5348
SSDEEP

1572864:W2MTiQYH6Sk8IpG7V+VPhqC3/E7lftCHpXnnYWlXxTa9k4VjkWraUrB6QYdv:WZTixaSkB05awC3RJX33Ty9VjkKaUrcn

Score

10^/10

pysilon persistence pyinstaller spyware stealer upx

Static task

static1

pyinstaller pysilon

4 signatures

Behavioral task

behavioral1

Sample

A92.exe

Resource

win7-20230831-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

A92.exe

Resource

win10v2004-20230915-en

persistence spyware stealer upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  A92.exe
- Size
  
  75.8MB
- MD5
  
  4fb2d72821abf6062c52dd5c647e86bb
- SHA1
  
  91af4276217071500af264d4c0d7622025f4951c
- SHA256
  
  e4852aad5c54e48f680657770df676ed4e2deddf18e065738c22408afcd8f9ad
- SHA512
  
  fa970bff2cb5cc6e8fceb80607b89447bbd929886e3495c180ddc10a38a585d54f89f2c06556b0f1d77dd0aae80f88f6398d9043710e540726f68513e3bb5348
- SSDEEP
  
  1572864:W2MTiQYH6Sk8IpG7V+VPhqC3/E7lftCHpXnnYWlXxTa9k4VjkWraUrB6QYdv:WZTixaSkB05awC3RJX33Ty9VjkKaUrcn
Score

9^/10

upx persistence spyware stealer
- Enumerates VirtualBox DLL files
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

File and Directory Discovery

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallerpysilon

behavioral1

behavioral2

persistencespywarestealerupx

© 2018-2025

Terms | Privacy