pysilon | 9f9f993ca6b17334a23029994a607f06e1769ae55284931fdef96a5bce2446a4

General

Target

xteg_rbx_beamer.exe
Size

77.0MB
Sample

240918-z1fbnateql
MD5

e401c9b7b61b6fcf765d752d8f5d94cb
SHA1

4b1deaf2d690acd4ff460f336db8eec62080ff84
SHA256

9f9f993ca6b17334a23029994a607f06e1769ae55284931fdef96a5bce2446a4
SHA512

d91fe689958c44135a4cea7f1aebaf801d4bd628945c9602cc57cee8c71cc7ea2c74377670767f18c450c0824b881360596640c52611e8bc40740367207f2e06
SSDEEP

1572864:NvHcRlnWUmSk8IpG7V+VPhqFxE7ulHQBBPiYweyJulZUdgD7U3ayyOlqH1O3:NvHcRVLmSkB05awFjdQnApu/7U393cO3

Score

10^/10

Malware Config

Targets

- Target
  
  xteg_rbx_beamer.exe
- Size
  
  77.0MB
- MD5
  
  e401c9b7b61b6fcf765d752d8f5d94cb
- SHA1
  
  4b1deaf2d690acd4ff460f336db8eec62080ff84
- SHA256
  
  9f9f993ca6b17334a23029994a607f06e1769ae55284931fdef96a5bce2446a4
- SHA512
  
  d91fe689958c44135a4cea7f1aebaf801d4bd628945c9602cc57cee8c71cc7ea2c74377670767f18c450c0824b881360596640c52611e8bc40740367207f2e06
- SSDEEP
  
  1572864:NvHcRlnWUmSk8IpG7V+VPhqFxE7ulHQBBPiYweyJulZUdgD7U3ayyOlqH1O3:NvHcRVLmSkB05awFjdQnApu/7U393cO3
Score

9^/10

discovery evasion execution persistence upx
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  discord_token_grabber.pyc
- Size
  
  15KB
- MD5
  
  e150466b71e3736a1a4ba5833a2424be
- SHA1
  
  ebb501650d520131e4d234a431785dfa191c630e
- SHA256
  
  b1b849ab5de18c5cc018f941bc7362eec8d5019ec73fed3ef56a0fb7ae832fe6
- SHA512
  
  b656fe2446b9fa5d93a0845412f6714d6af03be7cd0417c56594b1f33cb18e8f0ef57878c45c54176b3577ac9ae840620fff73ef5c4aefcb5615b714815c335a
- SSDEEP
  
  384:YGC7RYmnXavkLPJrltcshntQ5saa2holHVA:YGCuvkL9ltcsttQ5saaCgHVA
Score

3^/10
behavioral2
- Target
  
  get_cookies.pyc
- Size
  
  9KB
- MD5
  
  06edc64263be4dbe97e99f510d1cf859
- SHA1
  
  f9f4e8fc35ddf244cb215146f5097916bfeaa96e
- SHA256
  
  d7444836c6013f4995383b0a76818dbc9cbc5b61965b5940dc4784a1dd333b9b
- SHA512
  
  ab2a84b0027413584fb3bc310f18c11c6cabb953a094120295432fbbd8c34b72f2b41176d50a43f8b0dd0c65d2e6b7bb47e755db22fb7f405cd9fb2b42b747cc
- SSDEEP
  
  192:kNaBBeiNR9QfUF2x3NC79F21aG67+DAhN:kPiT2XtFcjKDAhN
Score

3^/10
behavioral3
- Target
  
  misc.pyc
- Size
  
  4KB
- MD5
  
  d58911ee31690aea12a3fe4bda5ca9ca
- SHA1
  
  a350efff87c56de2dc8edbddc557856d7ea159ea
- SHA256
  
  88bd58dcda76c1a090eb08b36d42ee7b807d49d32569d69ebea219c0be7075ca
- SHA512
  
  6bd5394c098948c488229fb93c69b979fe049d8e7697d9ae8056fd2054cbe97bc00633802d76c14c80e525f1266e87aecb01cbe1e666f6eb5e3dbb1277b20ff1
- SSDEEP
  
  96:ySMlhlvyznDweHPF8+VB7sHIZGQSWfvmyyZ1k9zhub:Lolvyz8evq+VBXZGQlvmV1k5hub
Score

3^/10
behavioral4
- Target
  
  passwords_grabber.pyc
- Size
  
  7KB
- MD5
  
  c38f9b93904c57adc285f1ecc151e8a7
- SHA1
  
  d50dde8e63de1c26397a8376535797849a24ec03
- SHA256
  
  60fb1d1502b4c1c1b810fce313414d7b107ae6de7d8e303fd22b1b582b5c134d
- SHA512
  
  627bab4cfb6696272ee1ca2c216bdd9b1ea322e83f32929ba497fb94cfd948cad1214340de9bfb464dc1bfd3140213fd02ee9b6173e4bf7abab69b5a9dc47eca
- SSDEEP
  
  192:h114qWLlhuUIxDPK2cMHJb+XUhitovgEuz:V4qWLlMFyVMHAE/4
Score

3^/10
behavioral5
- Target
  
  source_prepared.pyc
- Size
  
  172KB
- MD5
  
  e611aa86b667a6c31c0c10e21291b358
- SHA1
  
  03227de81a19a66674be9a33cd53caf7225f33a5
- SHA256
  
  fdff2bf34341e79c5f740896cf14b6e8b2cb23e8fe35ea237bedc2f9536bc99b
- SHA512
  
  47a6e67c4fc2cd3bbd1ea1ed047df166eb15996bc35cd8d2bc65c67f08ebb4c8da433bb8d89c6633803707bcdabfcd8cf01ce3f8555594012a0691b56269c86d
- SSDEEP
  
  3072:CFfogC0aOO2rG1VST/ovPZTerUScdQQV+C/iIvdXzphsTxw:CLC0aOO2rGa/o0j8SCrse
Score

3^/10
behavioral6