Overview

overview

8

Static

static

8

PySilon-ma...2).zip

windows7-x64

1

PySilon-ma...2).zip

windows10-2004-x64

1

PySilon-ma...nux.sh

ubuntu-18.04-amd64

1

PySilon-ma...nux.sh

debian-9-armhf

1

PySilon-ma...nux.sh

debian-9-mips

1

PySilon-ma...nux.sh

debian-9-mipsel

1

PySilon-ma...on.bat

windows7-x64

1

PySilon-ma...on.bat

windows10-2004-x64

1

PySilon-ma...der.py

windows7-x64

3

PySilon-ma...der.py

windows10-2004-x64

3

PySilon-ma...ler.py

windows7-x64

3

PySilon-ma...ler.py

windows10-2004-x64

3

PySilon-ma...64.exe

windows7-x64

4

PySilon-ma...64.exe

windows10-2004-x64

4

PySilon-ma...ber.py

windows7-x64

3

PySilon-ma...ber.py

windows10-2004-x64

3

PySilon-ma...ies.py

windows7-x64

3

PySilon-ma...ies.py

windows10-2004-x64

3

PySilon-ma...64.dll

windows7-x64

1

PySilon-ma...64.dll

windows10-2004-x64

1

PySilon-ma...isc.py

windows7-x64

3

PySilon-ma...isc.py

windows10-2004-x64

3

PySilon-ma...ber.py

windows7-x64

3

PySilon-ma...ber.py

windows10-2004-x64

3

PySilon-ma...ons.py

windows7-x64

3

PySilon-ma...ons.py

windows10-2004-x64

3

PySilon-ma...rol.py

windows7-x64

3

PySilon-ma...rol.py

windows10-2004-x64

3

PySilon-ma...put.py

windows7-x64

3

PySilon-ma...put.py

windows10-2004-x64

3

PySilon-ma...sod.py

windows7-x64

3

PySilon-ma...sod.py

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    06-08-2024 23:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PySilon-malware-3.7.5/resources/passwords_grabber.py

  • Size

    4KB

  • MD5

    d501b318f5df2e0c18cef8a64161326b

  • SHA1

    8d3d44fce5a9df6fa728f6f090e0a6c239c90736

  • SHA256

    6bae31f78fa66e73da3a5d7e7e489c4c79d36da8811fa94d5bbf052eb3d28f86

  • SHA512

    683f2d34a12712a65a293d7b7ede3028a52ed0f5aebb6a9c18cbeafcfe769c20b07e7db2af31edb60f4ac870c2aa16a16a625270242ca6b9dbb30f740b1f6340

  • SSDEEP

    96:D9b569f3ItMS2tdNWkOHKy0BZfnMJ6dHZdgoLHZtU5jNEYDmbVjp5t:Dl569f3wM5N/OdcZvMJ6dH/bZtUjFDGV

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\PySilon-malware-3.7.5\resources\passwords_grabber.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2676
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\PySilon-malware-3.7.5\resources\passwords_grabber.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2648
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\PySilon-malware-3.7.5\resources\passwords_grabber.py"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:1096

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    e358a68497d04d99820148a2fae2f1e9

    SHA1

    058eac51ba975334dc5305d504d64122c24e867d

    SHA256

    83247e2215ab175fcc2e83c6e9d71592bbb40376125e55dcef23161f3c9f4c9a

    SHA512

    7e1384868e2c92c920980d3f3ddbc9bf42d1d53b273ec625830fa8f2aef2ebcef70d7ff212eb329b8e75f68bfb65da3ccd28f99eacebf2fcbd9068bea7e0475e

    Download Submit