General
Target: pypyp.exe
Size: 6.8MB
Sample: 240619-a87nfavdln
MD5: 15b4eb5fca4bfb8cdc90e8b757eeb7e5
SHA1: 8e6b9b5a81e98410cba5b878983d0d35f86a488a
SHA256: f8a453ef88b89d9616b215f56a149e2a2dec681afa02cbe92df39e2689ca8b06
SHA512: df2494fa7129ed06cbb825db20b08f8862ae6ed5e53c3c2415f34c5757c960261bc9dceb2d043e58026ae1a7f7b53b5cbe5bbd90d68fcd4e1d8239eb6c1c44a6
SSDEEP: 196608:0sS9x6JYdQmRJ8dA6lSuqaycBIGpESXCV7dA3/O72:JYdQuslSq9HyV2a

Behavioral task: behavioral1
Sample: pypyp.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: pypyp.exe
Resource: win10v2004-20240508-en

Behavioral task: behavioral3
Sample: pypyp.pyc
Resource: win7-20240508-en

Behavioral task: behavioral4
Sample: pypyp.pyc
Resource: win10v2004-20240508-en

Malware Config
Targets
Target: pypyp.exe
Size: 6.8MB
Score: 7/10
Loads dropped DLL

Target: pypyp.pyc
Size: 1KB
MD5: 81fd3facdc3b42f1528eea527c9c042e
SHA1: 69050abc6314b07284a5d06f878478a11763384c
SHA256: 2b00459301bb3c1b7ed60c6b143e1efeb07ef12baded2a205ab0207655622d5e
SHA512: 29c3c963028efa1683972eaf024720a3a95b2dc940326558e5639c5d6911e2e095bd3db148cc8cf6ee9c8ff3105aaafe2f3b018d87adbc6dcf0017fc6e1d8a9d
Score: 8/10
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Blocklisted process makes network request
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.