pysilon | aa19a739c0334147139786d3fb32455b9cccb24476217f3a5f623e099c63b9cb | Triage

Sharing

General

Target

123.exe
Size

93.3MB
Sample

240829-wgm1lswajk
MD5

1c5294536ddefcf714da36bee3d3b80d
SHA1

2252890e706776cd7c4aae9b8ede7afbc01f656c
SHA256

aa19a739c0334147139786d3fb32455b9cccb24476217f3a5f623e099c63b9cb
SHA512

1299244faeba4f41324750172fdca7de7a359e931d1bb0e48f14171f6936c50aafe52892e42916f989872c128259eec31aa8c1cfcf6492196ab87b81614562e5
SSDEEP

1572864:bAouQeepnRQ/KZYlct2rV6xoxV6QjykrP2OGTh5kdLYzWirAH8+1osuTCSxOB6xf:UBop2SQct20WPVjyi7+ydLYzWS6xjKc8

Score

10^/10

pysilon persistence pyinstaller

Malware Config

Targets

- Target
  
  123.exe
- Size
  
  93.3MB
- MD5
  
  1c5294536ddefcf714da36bee3d3b80d
- SHA1
  
  2252890e706776cd7c4aae9b8ede7afbc01f656c
- SHA256
  
  aa19a739c0334147139786d3fb32455b9cccb24476217f3a5f623e099c63b9cb
- SHA512
  
  1299244faeba4f41324750172fdca7de7a359e931d1bb0e48f14171f6936c50aafe52892e42916f989872c128259eec31aa8c1cfcf6492196ab87b81614562e5
- SSDEEP
  
  1572864:bAouQeepnRQ/KZYlct2rV6xoxV6QjykrP2OGTh5kdLYzWirAH8+1osuTCSxOB6xf:UBop2SQct20WPVjyi7+ydLYzWS6xjKc8
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallerpysilon

behavioral1

behavioral2