pysilon | 38cd7450ffcc0a5d7e0931326bca7a25cf9ec2baf24b9ba06b1dbddc046f413f

General

Target

Powerpoint5.pptx.exe
Size

73.5MB
Sample

240122-wx88sacaam
MD5

e0f7af00d581fa6553dcdec0529ae78e
SHA1

34a5962a0bf0454929af48d97a64e072ad561d99
SHA256

38cd7450ffcc0a5d7e0931326bca7a25cf9ec2baf24b9ba06b1dbddc046f413f
SHA512

ee43422b5b32321afbe08319b3b1a37776e0a389f6cc957758eeda3ee495f5c257cd9c97f6226015bf914e085d9edc593b9f8ab5a4604bc200f979924fab2d4e
SSDEEP

1572864:dvpQpjyNSk8IpG7V+VPhqILE7qqRjRnWWZ/dc7lWlkSWEBZlzx:dvpqGNSkB05awI5qRdlwYlkS5/x

Score

10^/10

Malware Config

Targets

- Target
  
  Powerpoint5.pptx.exe
- Size
  
  73.5MB
- MD5
  
  e0f7af00d581fa6553dcdec0529ae78e
- SHA1
  
  34a5962a0bf0454929af48d97a64e072ad561d99
- SHA256
  
  38cd7450ffcc0a5d7e0931326bca7a25cf9ec2baf24b9ba06b1dbddc046f413f
- SHA512
  
  ee43422b5b32321afbe08319b3b1a37776e0a389f6cc957758eeda3ee495f5c257cd9c97f6226015bf914e085d9edc593b9f8ab5a4604bc200f979924fab2d4e
- SSDEEP
  
  1572864:dvpQpjyNSk8IpG7V+VPhqILE7qqRjRnWWZ/dc7lWlkSWEBZlzx:dvpqGNSkB05awI5qRdlwYlkS5/x
Score

9^/10

evasion persistence upx
- Enumerates VirtualBox DLL files
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  discord_token_grabber.pyc
- Size
  
  8KB
- MD5
  
  849e6942b15c2008c7641432902645f5
- SHA1
  
  60942191e1ab3c6d3edf697b57d09c1620c51710
- SHA256
  
  fa4ec025ef2d20b6ebd19803e7131f6b540a7ba14d6769bfd62c37fb875a134b
- SHA512
  
  0e6611f100ea22b2d5d5632cd099f87d57696b73bb9c9d10dde98477b2bb1ff927816b54ee005e07df49d6897f36ad3d858ac142ae082d25800f07597f67248a
- SSDEEP
  
  192:ESB7osP1MJaugQXaafNqaclHJLOq3ZJFD/b8xjJzdJv:TP1iavQTqacyq35D0Fnv
Score

3^/10
behavioral2
- Target
  
  get_cookies.pyc
- Size
  
  5KB
- MD5
  
  2754e3152f668e31fccca7b6f275716b
- SHA1
  
  e9ed74d679a96372c4457e72bc6639a4d96a2378
- SHA256
  
  f7e8a57b54489b5b3de66a1d21534ced3d2a2fb1ce8d03c69d4672e62aa00dca
- SHA512
  
  a8331f1c179ed97e6f3821cd41953a5ef8a0b63b6d39022cd3f7980494eff8f00b4367301509014e83c410ed4a6db8e4441f8f3547b682aca250bc4fa29f0f47
- SSDEEP
  
  96:STUBj1Mvk80VDdybA6HUicwKD7dxWeBJKZLpMglcTK94:wsSl0fQfUpwKfhijMgGW94
Score

3^/10
behavioral3
- Target
  
  misc.pyc
- Size
  
  2KB
- MD5
  
  bcb404423ac51f798753e8d11e401071
- SHA1
  
  9080018dae3aa157e3a97904c86af06d4a0a6873
- SHA256
  
  572b18ccb1838f23714fae1c8cbb399a08796b1eb846960d5463d40ee784fe5a
- SHA512
  
  25a2997cff19308956086ae4e464f5039e53149043f094f2a65dae4dfa78b6410650a3c4d1514511f23c6bf77228772fa7b8a3cf5119e4ed46edb65ac40ff800
Score

3^/10
behavioral4
- Target
  
  passwords_grabber.pyc
- Size
  
  4KB
- MD5
  
  8b9cbd29c3dfec519a4313b1b7a0069b
- SHA1
  
  5efb073593bc8908a7514dad78673c9d65344a6f
- SHA256
  
  589d438226abfec8f71ab7724c68011303f82febb6786fd0c57571b0769764f3
- SHA512
  
  c0099bcf2d23dd405b2e02e1fd1b946195015eabb1cbd2ce4896f1ab7e5bbc1fbe6600fa529087b5dc295c13219fb6bc1a6ac97efa4c0fc74901f70278c09bfd
- SSDEEP
  
  96:2APDnTWeYwDTgWxiX79GzTOjYUyWkUUNPIslLClDWJpR6Yn:TzCUDxiLATmeEUNP/lL3JpsYn
Score

3^/10
behavioral5
- Target
  
  source_prepared.pyc
- Size
  
  60KB
- MD5
  
  1c8654d3ceb379663a908da3131052d5
- SHA1
  
  dac63557da1fbc74d0f76291acf1258969b6e4c1
- SHA256
  
  a484157f5c5a9220edb1eb8f30330d16789f971445e1569a6825a46a18141048
- SHA512
  
  c88f4d64906c03600d6eb9abbf36d82c773b31eda8213cf35d0a1b2405c29908d3a62c120b4d0424c9f4a0c15b7fd5f62313b46d8b5ac583352ab007b7f36536
- SSDEEP
  
  768:KIwzCJFBDfoqVGa6IRaIcJjLZTFcYnt+eISD8lLIuGFlOn9EWz+HaUo0URqwACw0:KILBvaZrTFHtS3GFh96Uo5AN+wq
Score

3^/10
behavioral6