Overview

overview

10

Static

static

10

source_prepared.exe

windows10-2004-x64

9

source_prepared.exe

windows11-21h2-x64

9

discord_to...er.pyc

windows10-2004-x64

3

discord_to...er.pyc

windows11-21h2-x64

3

get_cookies.pyc

windows10-2004-x64

3

get_cookies.pyc

windows11-21h2-x64

3

misc.pyc

windows10-2004-x64

3

misc.pyc

windows11-21h2-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows11-21h2-x64

3

source_prepared.pyc

windows10-2004-x64

3

source_prepared.pyc

windows11-21h2-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    source_prepared.exe

  • Size

    80.9MB

  • Sample

    240814-ce8pravbpg

  • MD5

    b725932b6972e23a7faaf6919c051560

  • SHA1

    92f98126125fe7d05415bb03112e83a8e32cbdf1

  • SHA256

    7809a549491d10155d1424c647bd362404d63a89a330f471f036a40f8fd1edf5

  • SHA512

    3f49209ab815a09e0eef1faa441386413bc4f39b056cb68b463c81ba3d7e42eca0c7ec6edd6586dccb55180ff09b2c1c94fed44a3a2e59f12ea0be0e4b8b9568

  • SSDEEP

    1572864:6XAcQglX8DWw7vaSk8IpG7V+VPhqO+6CE7ylg0iYgj+h58sMwLIG94LuqDXX:6XAc5RcneSkB05awO+6ee+53N94p

Score
10/10
pysilonevasionexecutionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      source_prepared.exe

    • Size

      80.9MB

    • MD5

      b725932b6972e23a7faaf6919c051560

    • SHA1

      92f98126125fe7d05415bb03112e83a8e32cbdf1

    • SHA256

      7809a549491d10155d1424c647bd362404d63a89a330f471f036a40f8fd1edf5

    • SHA512

      3f49209ab815a09e0eef1faa441386413bc4f39b056cb68b463c81ba3d7e42eca0c7ec6edd6586dccb55180ff09b2c1c94fed44a3a2e59f12ea0be0e4b8b9568

    • SSDEEP

      1572864:6XAcQglX8DWw7vaSk8IpG7V+VPhqO+6CE7ylg0iYgj+h58sMwLIG94LuqDXX:6XAc5RcneSkB05awO+6ee+53N94p

    Score
    9/10
    evasionexecutionpersistenceupx

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

    • Target

      discord_token_grabber.pyc

    • Size

      17KB

    • MD5

      b1549a826942ffd6e5850abe54fbc5ee

    • SHA1

      32df6837bccaf45278782c9e6924455dc4166363

    • SHA256

      4a3ecb93ca81bc8754a8fc926270f649ae7d00e9a2ef092abf00c86a0c4634f0

    • SHA512

      253bbf7b789de7196f330644ffbc53f6126d5113f045a3766139de7ed9c27cba4321b550a4450a59a80bc56f187dfe4749a9906f5f0494308943ded06016b18b

    • SSDEEP

      384:cGllyAavQS9F0RW807PPQviowoYbCD+Mo8WWIc02a8:cIlytv39iRW8inQ6owoYOSM0d2a8

    Score
    3/10
    behavioral3behavioral4

    • Target

      get_cookies.pyc

    • Size

      10KB

    • MD5

      d157cf31f7829c5c9c88e656409840c6

    • SHA1

      1d53ed755119f80284b52f2e17198e2943452b92

    • SHA256

      a68afbac4d16fa89db22d81f6010f520868fafd50c1b2c8d868a662d210301ff

    • SHA512

      ccbdfc5c9db196f0a10195c6f52e6fccf073020a6715f2407da23800b12ef9bb6d7e7ffe08cbe448bea7fb7b5ef8772c931e2e129d3ec73151dafcbf7c610793

    • SSDEEP

      192:TzOCIeinQfUF9LdwOEVOFc1mNe4qo+zEzzzzz1zz+HoowAE:TzOUiQccEe4qoOIAE

    Score
    3/10
    behavioral5behavioral6

    • Target

      misc.pyc

    • Size

      5KB

    • MD5

      31aa260c6cdeaa9d942cd0dcfcadd16a

    • SHA1

      a6818f3acf5c2ab9d65b41a81cb92b36b85cc932

    • SHA256

      b522284f1a7e518c269c0414160407ec7834a4397f85ef389433b49367b5df9c

    • SHA512

      0dd277ef948315a3554bd8c5110e27afa9b2eac88defc1211771c050cdd27b3668484dec35ec5c5010bff00b62c2cebd9e7286c0b114ad28437719b42bd0fc2c

    • SSDEEP

      96:DSajAihmJG4n3B4SmSSSSlSSSShDwegPbbVxlj0nIAEDS5ejmw01k9Bddpq:eYAfn3ySmSSSSlSSSSeeOPVxx0nIAZeQ

    Score
    3/10
    behavioral7behavioral8

    • Target

      passwords_grabber.pyc

    • Size

      8KB

    • MD5

      704dced7f7530b19a34a5f7a71c26b10

    • SHA1

      608d9647488cfa2b5f84a891028168a973bfcfa9

    • SHA256

      1fd284f1e27263bd2a16050c6989933a382c7d196f4c9f247187cc3b3f6ba3ac

    • SHA512

      e4a6710abef2c45d631745c91d8135873be06e5b240a61362e341d05ecc1dedf885487a554b648c328a3c5cc17fcf74e6d066b2e3f51379358ba28c2a0f2f39f

    • SSDEEP

      192:+CE34EAL/GFf/PomdPO23NsDmqFUhkxNivLI9dRvL:Y4EAL/AfRBO8NsxuOxNn

    Score
    3/10
    behavioral10behavioral9

    • Target

      source_prepared.pyc

    • Size

      185KB

    • MD5

      22329a85a56ab2cb60811d37c2d28a6f

    • SHA1

      230f47a61a4c2cf3e6baa09fb300bd1e8c945e05

    • SHA256

      27d6ed63ddfd22867d7c26d9717bc2ca16440952cb7650d10cfe60cadb35edaa

    • SHA512

      91c2af4644e207c6895d7e43dc369021998694279b4772ea2be701c8c6efce946e46818e9ccada43f6f224f3e9f2b6cc83373e194ef9ed41c5f7925e4d64f62d

    • SSDEEP

      3072:wT9ELaiI6A9MmlbJo2PEtelZN+tVZa/zqge6/qWCkn0:wTWWiILHJo28cN+7Za/zqgeqxCh

    Score
    3/10
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks