pysilon | dba97e95d6b9c7c9bdc097d22d3230dae57b429e8823d5b4df140e9fbb78995c

General

Target

AutoBeamer V1.1.rar
Size

73.3MB
Sample

240819-lpwmlsxaph
MD5

9429ec77c1a94932261d618840d6875e
SHA1

966749512c1c75389191be47ba5993d6154e8985
SHA256

dba97e95d6b9c7c9bdc097d22d3230dae57b429e8823d5b4df140e9fbb78995c
SHA512

49f325bbde71117f71bfc3a0242058abe45197754126c54cd98b9715bcbb0b76dd7cefe8cc5c3c487c17644038a04f4e8fae70a90ad4c2f904358fc4f5d12e3a
SSDEEP

1572864:Ujls2avFamHZAMSEoEhwT23vhYoeeoqRY/riUkaCipgeI/KXK:dBIm59tBhwWpYoPoKY/r2aHgxt

Score

10^/10

Malware Config

Targets

- Target
  
  AutoBeamer V1.1.exe
- Size
  
  76.3MB
- MD5
  
  bbfa9b45088705800ce901e3043d051b
- SHA1
  
  4b76ab4c598310c5dd0e9e6a33c69fc86522bfd8
- SHA256
  
  c4de28267a0f3547e28d72b75d077b0143f56cffbc657a1d122ec069df47e049
- SHA512
  
  c7c35bd1a13c6e690c587544c4e884a2de6c3d50196ee07a9c392b211580683d314938a4fd7ee2ab34895b699a2699a9b053276d47d75230c9facf0f37009b27
- SSDEEP
  
  1572864:fvhQ6lNWeq7vDSk8IpG7V+VPhqIbE7WTylPj4iY4MHHLeqPNLtDa+YZ48uT:fvh1f1qPSkB05awIxTy5nMHVLtetLuT
Score

9^/10

evasion execution persistence upx
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  discord_token_grabber.pyc
- Size
  
  8KB
- MD5
  
  849e6942b15c2008c7641432902645f5
- SHA1
  
  60942191e1ab3c6d3edf697b57d09c1620c51710
- SHA256
  
  fa4ec025ef2d20b6ebd19803e7131f6b540a7ba14d6769bfd62c37fb875a134b
- SHA512
  
  0e6611f100ea22b2d5d5632cd099f87d57696b73bb9c9d10dde98477b2bb1ff927816b54ee005e07df49d6897f36ad3d858ac142ae082d25800f07597f67248a
- SSDEEP
  
  192:ESB7osP1MJaugQXaafNqaclHJLOq3ZJFD/b8xjJzdJv:TP1iavQTqacyq35D0Fnv
Score

3^/10
behavioral2
- Target
  
  get_cookies.pyc
- Size
  
  5KB
- MD5
  
  2754e3152f668e31fccca7b6f275716b
- SHA1
  
  e9ed74d679a96372c4457e72bc6639a4d96a2378
- SHA256
  
  f7e8a57b54489b5b3de66a1d21534ced3d2a2fb1ce8d03c69d4672e62aa00dca
- SHA512
  
  a8331f1c179ed97e6f3821cd41953a5ef8a0b63b6d39022cd3f7980494eff8f00b4367301509014e83c410ed4a6db8e4441f8f3547b682aca250bc4fa29f0f47
- SSDEEP
  
  96:STUBj1Mvk80VDdybA6HUicwKD7dxWeBJKZLpMglcTK94:wsSl0fQfUpwKfhijMgGW94
Score

3^/10
behavioral3
- Target
  
  misc.pyc
- Size
  
  2KB
- MD5
  
  bcb404423ac51f798753e8d11e401071
- SHA1
  
  9080018dae3aa157e3a97904c86af06d4a0a6873
- SHA256
  
  572b18ccb1838f23714fae1c8cbb399a08796b1eb846960d5463d40ee784fe5a
- SHA512
  
  25a2997cff19308956086ae4e464f5039e53149043f094f2a65dae4dfa78b6410650a3c4d1514511f23c6bf77228772fa7b8a3cf5119e4ed46edb65ac40ff800
Score

3^/10
behavioral4
- Target
  
  passwords_grabber.pyc
- Size
  
  4KB
- MD5
  
  8b9cbd29c3dfec519a4313b1b7a0069b
- SHA1
  
  5efb073593bc8908a7514dad78673c9d65344a6f
- SHA256
  
  589d438226abfec8f71ab7724c68011303f82febb6786fd0c57571b0769764f3
- SHA512
  
  c0099bcf2d23dd405b2e02e1fd1b946195015eabb1cbd2ce4896f1ab7e5bbc1fbe6600fa529087b5dc295c13219fb6bc1a6ac97efa4c0fc74901f70278c09bfd
- SSDEEP
  
  96:2APDnTWeYwDTgWxiX79GzTOjYUyWkUUNPIslLClDWJpR6Yn:TzCUDxiLATmeEUNP/lL3JpsYn
Score

3^/10
behavioral5
- Target
  
  source_prepared.pyc
- Size
  
  65KB
- MD5
  
  67a9c5fb1e6e81bec4af76143d95de94
- SHA1
  
  54678ac9ff3cc602436a7048a497bb1f84fafbc1
- SHA256
  
  d72c1e5fe9cf5bbc5012ea2074c99e6f76f2ea87a420d9d805a9f5708b3a8d67
- SHA512
  
  9b17c493db7f0cb44677fd1e89d8d9cacac0c928b26674aa9771d271e57914155082b2e1de07ec4ebe52eb5932a3b315dd1017891fd31153349428c802e70b5a
- SSDEEP
  
  1536:IaygVgJPkBBj1uYCFjUIOihdBsoGwjRQ53:Og2FkBkFwIOCsoD0
Score

3^/10
behavioral6