pysilon | 28527bd773c9bfa7302c7cd5614c357606d034309050980361519761a6ca64ca

Sharing

Copy URL

Twitter E-mail

General

Target

source_prepared.exe
Size

103.4MB
Sample

240807-alnl2svern
MD5

3b73fc933d169c46ccf99bf3a7d29c87
SHA1

0087b278b530591d8189aa7d8535e515dee75165
SHA256

28527bd773c9bfa7302c7cd5614c357606d034309050980361519761a6ca64ca
SHA512

40a2b90bb41e3070213cb24c072fc4ba7fb490f2f9efc7e84ff7741845604f15c87ccf26636ee29a95320db1e40957dc38e3203687d7bd2180d23e72a52d98cf
SSDEEP

3145728:EgOb8S6xjKcBaIc2qHO5iVY2nGQbRe0zJcBWIs9U:ogSWNaIsHCiH1XcBWV

Score

10^/10

Malware Config

Targets

- Target
  
  source_prepared.exe
- Size
  
  103.4MB
- MD5
  
  3b73fc933d169c46ccf99bf3a7d29c87
- SHA1
  
  0087b278b530591d8189aa7d8535e515dee75165
- SHA256
  
  28527bd773c9bfa7302c7cd5614c357606d034309050980361519761a6ca64ca
- SHA512
  
  40a2b90bb41e3070213cb24c072fc4ba7fb490f2f9efc7e84ff7741845604f15c87ccf26636ee29a95320db1e40957dc38e3203687d7bd2180d23e72a52d98cf
- SSDEEP
  
  3145728:EgOb8S6xjKcBaIc2qHO5iVY2nGQbRe0zJcBWIs9U:ogSWNaIsHCiH1XcBWV
Score

9^/10

evasion execution persistence
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  discord_token_grabber.pyc
- Size
  
  15KB
- MD5
  
  990bb1210323b8968b180576cf8114d6
- SHA1
  
  a4e11d7cdeb37fb32d768085263ff9fd4e51ac0b
- SHA256
  
  b4a60b0e4f82707a8c5fb7f3fc0cc78576c7b45217617185ab34a90e2e052208
- SHA512
  
  43d1e9db58d160b15d6daf5677f2f63ed8f3fa494a886bf07d229829ffc84af17f9c81f61bdbf23dfa54a1bebafa7e562f805848b64de08bc8cf83fe98a2188a
- SSDEEP
  
  384:YGC7RYmnXavkxzG7WltcrhntQ5saa2h12VA:YGCuvk8WltcrttQ5saaCsVA
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  get_cookies.pyc
- Size
  
  9KB
- MD5
  
  9bdb8627dc166823e7d60603575b689a
- SHA1
  
  de56b5f8b3e891ad07760544132bd357f1e62368
- SHA256
  
  1078edad1660d103c2135793ea9707e4ef7877fb4be7b87c0e538ed84920212c
- SHA512
  
  789d21f744eff44456585fd27cd88a67e26b55ed1a043aa76a4b5e63f7dfad99013ca09b15fabecd041f8d35f8d22502c08efd0bb11d26ca083f02a64eae6d3a
- SSDEEP
  
  192:kNal3eiNis9QfUFoxJvm79F211G67+PtAhN:kJiB2lrj7jKlAhN
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  misc.pyc
- Size
  
  4KB
- MD5
  
  204ee497021e32209ddde0c015b4dc19
- SHA1
  
  6aa2c039e6b6fbfb3620d4fe42d115553702146b
- SHA256
  
  a8355eef70645468d11a410d1402e0cab31a194e87172b523b1ff3dea5dbb0c2
- SHA512
  
  961b15c0efe0478fdf9287e7b3b709233bcd9524be708f426b75dc91eb07ddfc2a2ce4f347d52a3e7402f5307ab755af093d660662fd3c4c465fd41e8d138d12
- SSDEEP
  
  96:ySMlhlv6KPDweHPF8+VB7sHIZGhIW0vmyyZ1k93hub:LolvJ0evq+VBXZGh4vmV1kFhub
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  passwords_grabber.pyc
- Size
  
  7KB
- MD5
  
  bbb6ab7b8230cca0ac46532a612143d0
- SHA1
  
  4bf5ebb19c5807cfb4b48191ec65b329d67763cd
- SHA256
  
  8655f8885fa28c9633563e0264e65206eae277fb020f85a836be27f0fc3d7ec4
- SHA512
  
  21353818de5a2e192bcdb38e0765b675258ae733eb634c1b01fbf53dc22946b0eee127c975be7a63d20a8db2b87521fe0ed85f2ec09dcc2f3adf5a7fea0b180e
- SSDEEP
  
  192:h114qWLfhuUIxzOK2cxDJb+XUhetovxEPz:V4qWLfMtzVxDAEW7
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  source_prepared.pyc
- Size
  
  168KB
- MD5
  
  afc281f46dd51277ee08ca3742560be3
- SHA1
  
  e37e263f2dfb53b6bcf488521983d4b0d8601ffb
- SHA256
  
  fb842e91d84b97e83f398b308c60cb90bfc0fc3511362ae39dd690761d31a547
- SHA512
  
  cd73589a601694a1a0a5e319bec2df6746b3f56892d45d42eeb061f679c613b5cbf815581513062e4e99081e19ab472d0c68d122ae8f548de4b02c7deeaaa1f5
- SSDEEP
  
  3072:sMlf5aOO2UaSMS46o4PZTJ0pZXScT0wfxIvdXzrsTWP:sM55aOO2UaSc6ojpUY0wfksS
Score

3^/10

discovery
behavioral11 behavioral12