Malware Analysis Report

2024-11-30 11:59

Sample ID: 231021-hc9rxseg28
Target: GraveYard.Client.rar
SHA256: c597e0fc16402b1e4d03969819fa2c30ecc1e9969da2f688251a7d32f9214e77
Tags: pyinstaller pysilon quasar
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10

SHA256: c597e0fc16402b1e4d03969819fa2c30ecc1e9969da2f688251a7d32f9214e77

Threat Level: Known bad

The file GraveYard.Client.rar was found to be: Known bad.

Malicious Activity Summary

Tags: pyinstaller pysilon quasar

Signatures:
  Pysilon family
  Quasar family
  Quasar payload
  Detect Pysilon
  Detects Pyinstaller
  Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2023-10-21 06:37

Signatures

Detect Pysilon
  Description | Indicator | Process | Target
  N/A | N/A | N/A | N/A

Pysilon family
  Tag: pysilon

Quasar family
  Tag: quasar

Quasar payload
  Description | Indicator | Process | Target
  N/A | N/A | N/A | N/A

Detects Pyinstaller
  Tag: pyinstaller
  Description | Indicator | Process | Target
  N/A | N/A | N/A | N/A

Unsigned PE
  Description | Indicator | Process | Target
  N/A | N/A | N/A | N/A
  (9 entries reported, all fields N/A)
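The report lists the static signatures by name only, with every indicator field N/A. As an added example, not code from the report or from the sandbox that produced it, the script below reimplements two of those checks, "Detects Pyinstaller" and "Unsigned PE", over raw file bytes and verifies the reported SHA256. It would be run against the PE members extracted from the .rar, not the archive itself. Offsets follow the PE/COFF specification; the two input files it checks are constructed in the script and are not the sample.

```python
# Added example (not the sandbox's or the report's own code): reimplements the
# "Detects Pyinstaller" and "Unsigned PE" static checks over file bytes and
# verifies the reported SHA256. Inputs are constructed below, not the sample.
import hashlib
import struct

# First 8 bytes of the CArchive cookie PyInstaller appends to its bootloader.
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# Hash from the report header.
REPORTED_SHA256 = "c597e0fc16402b1e4d03969819fa2c30ecc1e9969da2f688251a7d32f9214e77"
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index of the Authenticode data directory


def matches_reported_hash(data: bytes) -> bool:
    """Compare a file's SHA256 with the one in the report."""
    return hashlib.sha256(data).hexdigest() == REPORTED_SHA256.lower()


def is_pyinstaller(data: bytes) -> bool:
    """'Detects Pyinstaller': the cookie magic is present somewhere in the file."""
    return PYINSTALLER_MAGIC in data


def pe_security_directory(data: bytes):
    """Return (offset, size) of the security directory, or None if not PE32/PE32+.

    The security entry holds a file offset rather than an RVA, because the
    certificate table lives outside any section."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    opt = e_lfanew + 24                      # 4-byte signature + 20-byte COFF header
    if len(data) < opt + 2:
        return None
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                       # PE32: data directories at offset 96
        dirs = opt + 96
    elif magic == 0x20B:                     # PE32+: data directories at offset 112
        dirs = opt + 112
    else:
        return None
    entry = dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if len(data) < entry + 8:
        return None
    return struct.unpack_from("<II", data, entry)


def is_unsigned_pe(data: bytes) -> bool:
    """'Unsigned PE': a PE whose security directory is empty (no Authenticode blob).

    An empty directory means nothing is attached; a non-empty one only means a
    blob exists and says nothing about whether the signature verifies."""
    sec = pe_security_directory(data)
    return sec is not None and (sec[0] == 0 or sec[1] == 0)


def build_minimal_pe(pe32plus: bool, security=(0, 0), trailer: bytes = b"") -> bytes:
    """Construct a header-only PE for exercising the checks (not a runnable binary)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    dirs = 112 if pe32plus else 96
    struct.pack_into("<II", opt, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security)
    return dos + b"PE\0\0" + coff + bytes(opt) + trailer


def triage(data: bytes) -> dict:
    """Run the three checks, keyed by the signature names the report uses."""
    return {
        "Detects Pyinstaller": is_pyinstaller(data),
        "Unsigned PE": is_unsigned_pe(data),
        "SHA256 matches report": matches_reported_hash(data),
    }


# Constructed inputs: an unsigned PE32+ carrying the PyInstaller cookie, and a
# PE32 whose security directory points at a hypothetical 0x200-byte cert table.
CONSTRUCTED_PYINSTALLER_PE = build_minimal_pe(True, trailer=b"\0" * 64 + PYINSTALLER_MAGIC + b"\0" * 16)
CONSTRUCTED_SIGNED_PE = build_minimal_pe(False, security=(0x400, 0x200))

if __name__ == "__main__":
    for name, blob in (("pyinstaller", CONSTRUCTED_PYINSTALLER_PE), ("signed", CONSTRUCTED_SIGNED_PE)):
        print(name, triage(blob))
```

The cookie search is deliberately a plain substring match: the PyInstaller bootloader carries the magic in its own code, so any PyInstaller-built executable matches even when the appended archive has been stripped. The signature check only tells you whether a certificate table is present; a present table still has to be verified with the platform's Authenticode tooling before "signed" means anything.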

Analysis: behavioral2

Detonation Overview

Submitted: 2023-10-21 06:36
Reported: 2023-10-21 06:38
Platform: win10-20231020-en
Max time kernel: 11s
Max time network: 19s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\GraveYard.Client\mods\configs\LICENSE

Note: the entry point chosen for this run is the extracted file mods\configs\LICENSE launched through cmd /c. The run records no signatures, network or file activity, so nothing in this detonation corroborates the pysilon/quasar verdict; that verdict rests on the static analysis above.

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\GraveYard.Client\mods\configs\LICENSE

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2023-10-21 06:36
Reported: 2023-10-21 06:39
Platform: win7-20231020-en
Max time kernel: 28s
Max time network: 18s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\GraveYard.Client\mods\configs\LICENSE

Note: same entry point as behavioral2, the extracted file mods\configs\LICENSE launched through cmd /c on Windows 7; as there, no signatures, network or file activity were recorded, so this run adds no behavioral evidence for the static verdict.

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\GraveYard.Client\mods\configs\LICENSE

Network

N/A

Files

N/A