pysilon | 2a1a8f4f8a42ed7fb7bcc3dcc4fde0acd6db267784cbc3431852b2882c4c6ae1

Sharing

Copy URL

Twitter E-mail

General

Target

GOBLIN SERVICES.exe
Size

78.7MB
Sample

231211-z68kdshfal
MD5

cb58033d333ce4d39c63978535e3d91e
SHA1

b5740b3fe890a511f7524c88b1f45845ef3333a6
SHA256

2a1a8f4f8a42ed7fb7bcc3dcc4fde0acd6db267784cbc3431852b2882c4c6ae1
SHA512

d17c468837f5de45217e5421049f2a31fd9d67b2b5f5d8e2755ba4de4ad60c15d6b49d4e949cc22403ba939b796bf97f81371ef30a6d3aadc805d001b538ca58
SSDEEP

1572864:M2MbiJR5Q3j88pSk8IpG7V+VPhqHnE7gwjCi9WlsnghowmaOll4WmVSzsWX:MZbC+7SkB05awHMuiMsghfxOll4j8z

Score

10^/10

Malware Config

Targets

- Target
  
  GOBLIN SERVICES.exe
- Size
  
  78.7MB
- MD5
  
  cb58033d333ce4d39c63978535e3d91e
- SHA1
  
  b5740b3fe890a511f7524c88b1f45845ef3333a6
- SHA256
  
  2a1a8f4f8a42ed7fb7bcc3dcc4fde0acd6db267784cbc3431852b2882c4c6ae1
- SHA512
  
  d17c468837f5de45217e5421049f2a31fd9d67b2b5f5d8e2755ba4de4ad60c15d6b49d4e949cc22403ba939b796bf97f81371ef30a6d3aadc805d001b538ca58
- SSDEEP
  
  1572864:M2MbiJR5Q3j88pSk8IpG7V+VPhqHnE7gwjCi9WlsnghowmaOll4WmVSzsWX:MZbC+7SkB05awHMuiMsghfxOll4j8z
Score

9^/10

upx evasion persistence spyware stealer
- Enumerates VirtualBox DLL files
- Creates new service(s)
  persistence
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Stops running service(s)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  discord_token_grabber.pyc
- Size
  
  17KB
- MD5
  
  db40ce247b464d3ac0d15080f22ce442
- SHA1
  
  eb10f081e16c9566f1b487d39eda3fb8fa4b0de5
- SHA256
  
  74475975b9fc2e15a1432b8e4930b6a8a25dd63511bbc2628ae81483dd569046
- SHA512
  
  c614c93d3ad758bfe1155864328626b98900e95e06c504641f0286ee40e4e0e24eb4d83b06af576e7799d517aae8404f5c9acdc64315c594319c29e13a77b81e
- SSDEEP
  
  384:cGllyAavwW9FaOx817PPQviowoYbCj+MoGWTd0Da8:cIlytvN9oOx8JnQ6owoYOyMImDa8
Score

3^/10
behavioral3 behavioral4
- Target
  
  get_cookies.pyc
- Size
  
  10KB
- MD5
  
  ddc40a1cee51500039f5c98ef7b1d3c9
- SHA1
  
  1e65cf0d7acb74e429844d2ee5b2d39369d17750
- SHA256
  
  1201adef44d0ba8be86b7d4aa4e8f69f1f8f800522fa574291974a3b40250436
- SHA512
  
  c9a89f5fe6ef87d7d8ce63a59f87fd5684d91e5dccfda644d84a40d5316b85b9930e90f096f13e811f646da724bc267ac853c15e451a6888083d5ab0572f27db
- SSDEEP
  
  192:TzOCIeivQfUFPLqwOEVOFc1mNe47+S5zEzzzzz1zz+HoowAE:TzOUi4aFEe4KSPIAE
Score

3^/10
behavioral5 behavioral6
- Target
  
  misc.pyc
- Size
  
  5KB
- MD5
  
  fccbf8762a2d6e382b044d73c9969fbc
- SHA1
  
  9530b874a2fb37cef0bdbc13775d64400c6158b4
- SHA256
  
  bdadc8d5f54a135e4cad6dd398023cc5a8053619489b38d4b22e104215572f89
- SHA512
  
  359b92919a585e4191bceb029e05c9af95816fc023fd5d566d4a5d9fc88b216cace2fe54dacff65decb68d9ad724386467f367a4fadc68b648a44f5b14f84d20
- SSDEEP
  
  96:DSajAihmJG4n3B4SmSSSSlSSSShDwegPbbVxlj0oIHEDS5ejmw01k9Bddpq:eYAfn3ySmSSSSlSSSSeeOPVxx0oIHZeQ
Score

3^/10
behavioral7 behavioral8
- Target
  
  passwords_grabber.pyc
- Size
  
  8KB
- MD5
  
  1ca5633be35a5db415bc83be9852bf0e
- SHA1
  
  710a4da76579449bb0b45eecedd42aea82ba6b35
- SHA256
  
  07a93aa41dbdcd8962b2ad1fcbd7c1bf661130c1cf050a5a4ef6821d30893099
- SHA512
  
  9ac14821d21d9c7345b6cf51d9e1c31f908590fadca061ed4f5c50ea7cd28c92b169aa7985873876989e7108946090695a4c782d8251f5061d27cea7c2f35ccb
- SSDEEP
  
  192:+CE34EAL/GFf/PoXdLO23NsDmqFUhkxNivLI9dRvL:Y4EAL/AfsFO8NsxuOxNn
Score

3^/10
behavioral10 behavioral9
- Target
  
  source_prepared.pyc
- Size
  
  186KB
- MD5
  
  39fb2e8771a51680a58f06bd028814b4
- SHA1
  
  42f6d7c7cb18c69f24a7ddbdc70e77027784779d
- SHA256
  
  131e47bbedde4d455a921e6ed4c41bd51130ec064ee92fcfdd2fdf5f2a5022c9
- SHA512
  
  f46ba732ed1c36661aecc518e0e449f5116a465bc6c21c2cd1b5a8a2b8ecaec69974e9e2a2ae9ee8e368f4495dff44090864f2a89b415ba78e69103e787ae405
- SSDEEP
  
  3072:wTnL7EhAA9MVdIOonJVqvpuSIVMZJkeBgwcWZM/C8n0:wTn/Ehx9OonTquSImZJkeBgwcO4Cp
Score

3^/10
behavioral11 behavioral12