pysilon | c6bf772cfa85f5f83e051aab11bafe17e3bbd16372e9f8b77c71298652cccd1f

Sharing

Copy URL

Twitter E-mail

General

Target

source_prepared.exe
Size

103.0MB
Sample

240818-srrj1azdlf
MD5

ce4a29ffe42cfa030dd86f2790717ed8
SHA1

1974f3d45130e0d8055a6b2f85778feebb401804
SHA256

c6bf772cfa85f5f83e051aab11bafe17e3bbd16372e9f8b77c71298652cccd1f
SHA512

fbf4cbf79d9a441454c012dd8592ae57e15a5a13c4f9d8c18f8908d36fd7ca8b8a5068d91bf91f477cd584d868ca2a8e8a8a8115df46eaf905465a8c8910158d
SSDEEP

3145728:WbCOb8S6xjKcBa6c2qHO5iVIinGQbRe0zJcB9aLr5Wo:WBgSWNa6sHCip1XcB9aL

Score

10^/10

Malware Config

Targets

- Target
  
  source_prepared.exe
- Size
  
  103.0MB
- MD5
  
  ce4a29ffe42cfa030dd86f2790717ed8
- SHA1
  
  1974f3d45130e0d8055a6b2f85778feebb401804
- SHA256
  
  c6bf772cfa85f5f83e051aab11bafe17e3bbd16372e9f8b77c71298652cccd1f
- SHA512
  
  fbf4cbf79d9a441454c012dd8592ae57e15a5a13c4f9d8c18f8908d36fd7ca8b8a5068d91bf91f477cd584d868ca2a8e8a8a8115df46eaf905465a8c8910158d
- SSDEEP
  
  3145728:WbCOb8S6xjKcBa6c2qHO5iVIinGQbRe0zJcB9aLr5Wo:WBgSWNa6sHCip1XcB9aL
Score

9^/10

evasion execution persistence
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  discord_token_grabber.pyc
- Size
  
  15KB
- MD5
  
  00f03a943b3dd6a58279bbff482099c8
- SHA1
  
  56c88f03a5f5d5abae141bc94bf287ce41347dbd
- SHA256
  
  5065f9a9e6699be80d98291b3e9896330dd2595373e5ca58ced55934b2865a90
- SHA512
  
  01b462a02fdab26596f42b3feb783252cebc4a3132e1ef9c73660a74c7e9de2dedebe7e69cf795183dc7bd2baeccea9596387ebd285b263067e30fb681671db6
- SSDEEP
  
  384:YGC7RYmnXavkGP3ltcrhntQ5saa2holHVA:YGCuvkoltcrttQ5saaCgHVA
Score

3^/10
behavioral3 behavioral4
- Target
  
  get_cookies.pyc
- Size
  
  9KB
- MD5
  
  b3e069a6d0520f658a3fd652a6e51ca0
- SHA1
  
  3e2590a43b110ec23dbbe4e55145c6f1cd27800e
- SHA256
  
  232fb80756e38b78775ec75d7ee46d15ac394ed7d197b577b2c98dd00709b007
- SHA512
  
  54a3cc21d321003808c2e1b9d52c06738ea0c80842d57ed754b05ff493157b22805a4d484bc46804d83ec052db535ceeb79708087355103cf75e3d2c9e0ce5bb
- SSDEEP
  
  192:kNal3eiNis9QfUF2x3NC79F211G67+EtAhN:kJiB2XtF7jKkAhN
Score

3^/10
behavioral5 behavioral6
- Target
  
  misc.pyc
- Size
  
  4KB
- MD5
  
  3af0657bf4d2cdcd8e84aeee71be06f7
- SHA1
  
  bd28a025931e96da24c9818e1a1648d2ce7f5212
- SHA256
  
  83bbb656424fab009b612232bab4970a8bd49c944285975babb3de8f99db9da6
- SHA512
  
  a402b759e427ed78e55650b9188772916787a1734f5dd5a5782d98228c7c9da11057627bcad29aa94139a9c20b1c4ca2e8c92983b38384245855f6da3369dace
- SSDEEP
  
  96:ySMlhlvyz7DweHPF8+VB7sHIZGQSWfvmyyZ1k9qHub:Lolvyzgevq+VBXZGQlvmV1kkHub
Score

3^/10
behavioral7 behavioral8
- Target
  
  passwords_grabber.pyc
- Size
  
  7KB
- MD5
  
  91bebfc811f4706852fc415d7b2cc836
- SHA1
  
  26a7645c5b2590a29bb403cb7be00c3ad5e575b3
- SHA256
  
  fb77fa8b2407db4127a67e37188e0d722c981280b605f6173d737f39e3582dce
- SHA512
  
  1e5ad7a82f60df0d8bc048ff31ca716cc93d1e167ef9f53e916a608b5a7709f884b657854848a9b6e586f994c010f00dba55c9c76f864b93594ff2ce9fddbadd
- SSDEEP
  
  192:h114qWLfhuUIxDPK2cxDJb+XUhitovgEuz:V4qWLfMFyVxDAE/4
Score

3^/10
behavioral10 behavioral9
- Target
  
  source_prepared.pyc
- Size
  
  172KB
- MD5
  
  72f969d9cacfce4003c583b289c12e56
- SHA1
  
  5740c1d1e6980b663657c61dd1cfcbeea845697a
- SHA256
  
  cc77e677ed66db1c00303d13b9d5d9784699513c96e878b8e67d6b7f7e8b83d4
- SHA512
  
  e8c0be07722bb5cbcc6bd41db46db6a8b14ea87e9c5f3e54f14fefe417ba08d3077a5e57681e6b0987a931b53b75587b736e90e07ba39b7059898e123752a031
- SSDEEP
  
  3072:+rUyD0aOO2IC1VSTro4PZTw0I1ScQaQV+COOIvdXzeBsTWn:+rHD0aOO2ICarooIoRECLsM
Score

5^/10

discovery
- Drops file in System32 directory
behavioral11 behavioral12