pysilon | e4b0649ffffbdd46cce4134b2233ae5b714cf75ea789f88791432898be8ddba1

General

Target

source_prepared.exe
Size

77.7MB
Sample

240808-rwwtvaybrd
MD5

c4d6c870cf49e59ab55b94c55a490722
SHA1

9859ab3d3c8f3478938f6711126e18d74144bbc3
SHA256

e4b0649ffffbdd46cce4134b2233ae5b714cf75ea789f88791432898be8ddba1
SHA512

194704a9a312b8bcedf8537d3354ee03aa8be64d68451d76fba2f4897ef8319dadb584e6b777b323d8e6ad14b943cb1693ff8f5c703cbbd28542509bb7949e30
SSDEEP

1572864:9vHcRlPKh7vXSk8IpG7V+VPhqWdfME7FFlHFziYweyJulZUdgAdW4mVuxa/Z9UN/:9vHcRAhTSkB05awqfhdCpukdRPs9U

Score

10^/10

Malware Config

Targets

- Target
  
  source_prepared.exe
- Size
  
  77.7MB
- MD5
  
  c4d6c870cf49e59ab55b94c55a490722
- SHA1
  
  9859ab3d3c8f3478938f6711126e18d74144bbc3
- SHA256
  
  e4b0649ffffbdd46cce4134b2233ae5b714cf75ea789f88791432898be8ddba1
- SHA512
  
  194704a9a312b8bcedf8537d3354ee03aa8be64d68451d76fba2f4897ef8319dadb584e6b777b323d8e6ad14b943cb1693ff8f5c703cbbd28542509bb7949e30
- SSDEEP
  
  1572864:9vHcRlPKh7vXSk8IpG7V+VPhqWdfME7FFlHFziYweyJulZUdgAdW4mVuxa/Z9UN/:9vHcRAhTSkB05awqfhdCpukdRPs9U
Score

9^/10

evasion execution persistence upx
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  discord_token_grabber.pyc
- Size
  
  15KB
- MD5
  
  990bb1210323b8968b180576cf8114d6
- SHA1
  
  a4e11d7cdeb37fb32d768085263ff9fd4e51ac0b
- SHA256
  
  b4a60b0e4f82707a8c5fb7f3fc0cc78576c7b45217617185ab34a90e2e052208
- SHA512
  
  43d1e9db58d160b15d6daf5677f2f63ed8f3fa494a886bf07d229829ffc84af17f9c81f61bdbf23dfa54a1bebafa7e562f805848b64de08bc8cf83fe98a2188a
- SSDEEP
  
  384:YGC7RYmnXavkxzG7WltcrhntQ5saa2h12VA:YGCuvk8WltcrttQ5saaCsVA
Score

3^/10
behavioral2
- Target
  
  get_cookies.pyc
- Size
  
  9KB
- MD5
  
  9bdb8627dc166823e7d60603575b689a
- SHA1
  
  de56b5f8b3e891ad07760544132bd357f1e62368
- SHA256
  
  1078edad1660d103c2135793ea9707e4ef7877fb4be7b87c0e538ed84920212c
- SHA512
  
  789d21f744eff44456585fd27cd88a67e26b55ed1a043aa76a4b5e63f7dfad99013ca09b15fabecd041f8d35f8d22502c08efd0bb11d26ca083f02a64eae6d3a
- SSDEEP
  
  192:kNal3eiNis9QfUFoxJvm79F211G67+PtAhN:kJiB2lrj7jKlAhN
Score

3^/10
behavioral3
- Target
  
  misc.pyc
- Size
  
  4KB
- MD5
  
  204ee497021e32209ddde0c015b4dc19
- SHA1
  
  6aa2c039e6b6fbfb3620d4fe42d115553702146b
- SHA256
  
  a8355eef70645468d11a410d1402e0cab31a194e87172b523b1ff3dea5dbb0c2
- SHA512
  
  961b15c0efe0478fdf9287e7b3b709233bcd9524be708f426b75dc91eb07ddfc2a2ce4f347d52a3e7402f5307ab755af093d660662fd3c4c465fd41e8d138d12
- SSDEEP
  
  96:ySMlhlv6KPDweHPF8+VB7sHIZGhIW0vmyyZ1k93hub:LolvJ0evq+VBXZGh4vmV1kFhub
Score

3^/10
behavioral4
- Target
  
  passwords_grabber.pyc
- Size
  
  7KB
- MD5
  
  bbb6ab7b8230cca0ac46532a612143d0
- SHA1
  
  4bf5ebb19c5807cfb4b48191ec65b329d67763cd
- SHA256
  
  8655f8885fa28c9633563e0264e65206eae277fb020f85a836be27f0fc3d7ec4
- SHA512
  
  21353818de5a2e192bcdb38e0765b675258ae733eb634c1b01fbf53dc22946b0eee127c975be7a63d20a8db2b87521fe0ed85f2ec09dcc2f3adf5a7fea0b180e
- SSDEEP
  
  192:h114qWLfhuUIxzOK2cxDJb+XUhetovxEPz:V4qWLfMtzVxDAEW7
Score

3^/10
behavioral5
- Target
  
  source_prepared.pyc
- Size
  
  173KB
- MD5
  
  d329f35d1ca69767513432512b23b2ef
- SHA1
  
  61dbf5ff494bb495b99e1f0a7e5179ff6d7bffee
- SHA256
  
  89ff705f5e7d871ebddfaf76083c0ff39191c720af6989e28bf2023b927111cf
- SHA512
  
  bedbcf30a8734c0129676a1f935eb38f9d52e02fd5af7c2e75a5552d08236cf672c650512c133b10ba31d1fe794d46b3dfa822b736623a2c8d42ccb11fbbad67
- SSDEEP
  
  3072:CFftHzg0aOO/nm1w1UyoePZTJ0pZyScWaQV+QmIvdXzxsTWu:Cfg0aOO/nmpyotpL9EQFsP
Score

3^/10
behavioral6