pysilon | 385e9e242439db584a52a59e3a423d9f267d003d049d29dcdab9210d3e4c95c6

General

Target

nigger.exe
Size

76.6MB
Sample

240314-1v2s5sge3t
MD5

5d116b3692937c2c659be96ee703484e
SHA1

9d7216e34db97dde3c8630776d41323ac24a70b5
SHA256

385e9e242439db584a52a59e3a423d9f267d003d049d29dcdab9210d3e4c95c6
SHA512

ab6d3ebea36cfd68de1afcf23a66d9971aadd27901de73522481bda14ae88270ec8d750ce4c4c29e512f095aaa4cd7a650991bf00ce7079153cb8de46566f81f
SSDEEP

1572864:AvbzjbOWSk8IpG7V+VPhqYdfME7pjx9mWcRIsjHEYuMbkytMWhFSjHqYIdnB:AvbzOWSkB05awcfbt3cRDkYltMg2WdB

Score

10^/10

Malware Config

Targets

- Target
  
  nigger.exe
- Size
  
  76.6MB
- MD5
  
  5d116b3692937c2c659be96ee703484e
- SHA1
  
  9d7216e34db97dde3c8630776d41323ac24a70b5
- SHA256
  
  385e9e242439db584a52a59e3a423d9f267d003d049d29dcdab9210d3e4c95c6
- SHA512
  
  ab6d3ebea36cfd68de1afcf23a66d9971aadd27901de73522481bda14ae88270ec8d750ce4c4c29e512f095aaa4cd7a650991bf00ce7079153cb8de46566f81f
- SSDEEP
  
  1572864:AvbzjbOWSk8IpG7V+VPhqYdfME7pjx9mWcRIsjHEYuMbkytMWhFSjHqYIdnB:AvbzOWSkB05awcfbt3cRDkYltMg2WdB
Score

9^/10

evasion persistence upx
- Enumerates VirtualBox DLL files
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  discord_token_grabber.pyc
- Size
  
  15KB
- MD5
  
  990bb1210323b8968b180576cf8114d6
- SHA1
  
  a4e11d7cdeb37fb32d768085263ff9fd4e51ac0b
- SHA256
  
  b4a60b0e4f82707a8c5fb7f3fc0cc78576c7b45217617185ab34a90e2e052208
- SHA512
  
  43d1e9db58d160b15d6daf5677f2f63ed8f3fa494a886bf07d229829ffc84af17f9c81f61bdbf23dfa54a1bebafa7e562f805848b64de08bc8cf83fe98a2188a
- SSDEEP
  
  384:YGC7RYmnXavkxzG7WltcrhntQ5saa2h12VA:YGCuvk8WltcrttQ5saaCsVA
Score

3^/10
behavioral2
- Target
  
  get_cookies.pyc
- Size
  
  9KB
- MD5
  
  9bdb8627dc166823e7d60603575b689a
- SHA1
  
  de56b5f8b3e891ad07760544132bd357f1e62368
- SHA256
  
  1078edad1660d103c2135793ea9707e4ef7877fb4be7b87c0e538ed84920212c
- SHA512
  
  789d21f744eff44456585fd27cd88a67e26b55ed1a043aa76a4b5e63f7dfad99013ca09b15fabecd041f8d35f8d22502c08efd0bb11d26ca083f02a64eae6d3a
- SSDEEP
  
  192:kNal3eiNis9QfUFoxJvm79F211G67+PtAhN:kJiB2lrj7jKlAhN
Score

3^/10
behavioral3
- Target
  
  misc.pyc
- Size
  
  4KB
- MD5
  
  204ee497021e32209ddde0c015b4dc19
- SHA1
  
  6aa2c039e6b6fbfb3620d4fe42d115553702146b
- SHA256
  
  a8355eef70645468d11a410d1402e0cab31a194e87172b523b1ff3dea5dbb0c2
- SHA512
  
  961b15c0efe0478fdf9287e7b3b709233bcd9524be708f426b75dc91eb07ddfc2a2ce4f347d52a3e7402f5307ab755af093d660662fd3c4c465fd41e8d138d12
- SSDEEP
  
  96:ySMlhlv6KPDweHPF8+VB7sHIZGhIW0vmyyZ1k93hub:LolvJ0evq+VBXZGh4vmV1kFhub
Score

3^/10
behavioral4
- Target
  
  passwords_grabber.pyc
- Size
  
  7KB
- MD5
  
  bbb6ab7b8230cca0ac46532a612143d0
- SHA1
  
  4bf5ebb19c5807cfb4b48191ec65b329d67763cd
- SHA256
  
  8655f8885fa28c9633563e0264e65206eae277fb020f85a836be27f0fc3d7ec4
- SHA512
  
  21353818de5a2e192bcdb38e0765b675258ae733eb634c1b01fbf53dc22946b0eee127c975be7a63d20a8db2b87521fe0ed85f2ec09dcc2f3adf5a7fea0b180e
- SSDEEP
  
  192:h114qWLfhuUIxzOK2cxDJb+XUhetovxEPz:V4qWLfMtzVxDAEW7
Score

3^/10
behavioral5
- Target
  
  source_prepared.pyc
- Size
  
  173KB
- MD5
  
  f58e681877820b3c307d19f9fe09f63e
- SHA1
  
  fc90c82c0a80a2cb86057780b018dadc4b9f3400
- SHA256
  
  1514762f31aabe9b79da456a350e7253ee8ab87004b0e979c2f1a79ecb240aeb
- SHA512
  
  3d965dc67325c6049225e680501b5f04ef51273bfa011953b615cb76db47e509911c0bd795b8f2cf02ce00c6d6929ec0d7d82277e99bad19ae422f6f673c6080
- SSDEEP
  
  3072:+r/XW0aOO2v71+ayFoLPZTJ0pZyScWaQV+lHvIvdXz0sTWu:+r/XW0aOO2v7qFocpL9ElBsP
Score

3^/10
behavioral6