pysilon | 2444abe6528d3c4c56ad8517ac6470f1d98b1d6d70cf710bc51aa003d99506b0

General

Target

Rat.exe
Size

30.8MB
Sample

240707-tbzfcavdmn
MD5

64fb65ed4d9318b80580321f182f847c
SHA1

50ea847b4b09952a72ced0c48fd828e9e76af251
SHA256

2444abe6528d3c4c56ad8517ac6470f1d98b1d6d70cf710bc51aa003d99506b0
SHA512

be242afba5dbe6ed9016563e0feed9fa42a469e957d39717952751921d177c36fcaf8b2f4e4756f81a78d881835431787aa4f6f68cb92b1ecd75e1cb0003f4c5
SSDEEP

786432:Y9Z9OAQpOEwK7zcY87WGqH6AHW8ZQGZ/M62r:6vhQpoKHE7WGmHWfGZ/p

Score

10^/10

Malware Config

Targets

- Target
  
  Rat.exe
- Size
  
  30.8MB
- MD5
  
  64fb65ed4d9318b80580321f182f847c
- SHA1
  
  50ea847b4b09952a72ced0c48fd828e9e76af251
- SHA256
  
  2444abe6528d3c4c56ad8517ac6470f1d98b1d6d70cf710bc51aa003d99506b0
- SHA512
  
  be242afba5dbe6ed9016563e0feed9fa42a469e957d39717952751921d177c36fcaf8b2f4e4756f81a78d881835431787aa4f6f68cb92b1ecd75e1cb0003f4c5
- SSDEEP
  
  786432:Y9Z9OAQpOEwK7zcY87WGqH6AHW8ZQGZ/M62r:6vhQpoKHE7WGmHWfGZ/p
Score

9^/10

evasion execution persistence upx
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  discord_token_grabber.pyc
- Size
  
  8KB
- MD5
  
  6b2aaa23f9b67dca5fa0efd9d96e9060
- SHA1
  
  07293442aa33cbc0afc1b69af287b1fede2e9a70
- SHA256
  
  f49ba791814001b3d4101685bfebb635cdaf3103407a08171bb5d6bbe3e79c77
- SHA512
  
  bcd7b41e7758b30954b0e24db5d53d3d904b6c4b9a5105bd33e5dddddb310614cc09a028d0cd8ccb6a272ce5eba0e9142a1cc36ec848b54fb99b695752b5e20d
- SSDEEP
  
  192:ESB7osP1MJaugwXaafNqaclHJLOq3ZJFD/b8xjJzdJv:TP1iavwTqacyq35D0Fnv
Score

3^/10
behavioral2
- Target
  
  get_cookies.pyc
- Size
  
  5KB
- MD5
  
  2754e3152f668e31fccca7b6f275716b
- SHA1
  
  e9ed74d679a96372c4457e72bc6639a4d96a2378
- SHA256
  
  f7e8a57b54489b5b3de66a1d21534ced3d2a2fb1ce8d03c69d4672e62aa00dca
- SHA512
  
  a8331f1c179ed97e6f3821cd41953a5ef8a0b63b6d39022cd3f7980494eff8f00b4367301509014e83c410ed4a6db8e4441f8f3547b682aca250bc4fa29f0f47
- SSDEEP
  
  96:STUBj1Mvk80VDdybA6HUicwKD7dxWeBJKZLpMglcTK94:wsSl0fQfUpwKfhijMgGW94
Score

3^/10
behavioral3
- Target
  
  misc.pyc
- Size
  
  2KB
- MD5
  
  bcb404423ac51f798753e8d11e401071
- SHA1
  
  9080018dae3aa157e3a97904c86af06d4a0a6873
- SHA256
  
  572b18ccb1838f23714fae1c8cbb399a08796b1eb846960d5463d40ee784fe5a
- SHA512
  
  25a2997cff19308956086ae4e464f5039e53149043f094f2a65dae4dfa78b6410650a3c4d1514511f23c6bf77228772fa7b8a3cf5119e4ed46edb65ac40ff800
Score

3^/10
behavioral4
- Target
  
  passwords_grabber.pyc
- Size
  
  4KB
- MD5
  
  8b9cbd29c3dfec519a4313b1b7a0069b
- SHA1
  
  5efb073593bc8908a7514dad78673c9d65344a6f
- SHA256
  
  589d438226abfec8f71ab7724c68011303f82febb6786fd0c57571b0769764f3
- SHA512
  
  c0099bcf2d23dd405b2e02e1fd1b946195015eabb1cbd2ce4896f1ab7e5bbc1fbe6600fa529087b5dc295c13219fb6bc1a6ac97efa4c0fc74901f70278c09bfd
- SSDEEP
  
  96:2APDnTWeYwDTgWxiX79GzTOjYUyWkUUNPIslLClDWJpR6Yn:TzCUDxiLATmeEUNP/lL3JpsYn
Score

3^/10
behavioral5
- Target
  
  source_prepared.pyc
- Size
  
  57KB
- MD5
  
  181cdd9d02dfeb31cbb9e0688d15b3dd
- SHA1
  
  a97b750d667e603ce7790c1e3d324c9b2601f570
- SHA256
  
  ea51ecccd7e6760e33921a6610bdfb0abda6a193b7205a2cd006831f47fded80
- SHA512
  
  da558827f57636e22a42049004f56017a471f6faf0a39f5b8269adc731cf6ee3dad170290aff912dca90a2f088044a1cbe227f4d045fc1b482664a98f1bb3af3
- SSDEEP
  
  768:9K4tqlgJ+N16URHkqoiJjckQfxEoedZlk2xNk9xSXBLunToFUJqM95H9tR:9WgQvHtFefxxCk2xNgaqnToa9rn
Score

3^/10
behavioral6