pysilon | dfeedb9e817266b897dea29d99e23f599d47caf70c4eb1bf5ca6844f2289594c

General

Target

Tempures Setup.exe
Size

75.7MB
Sample

240927-xga7gswhpe
MD5

c790ffc804f1d18899c14fc6a948643e
SHA1

360a3c77fb2e941832880697b1a2f82af1d7ff2b
SHA256

dfeedb9e817266b897dea29d99e23f599d47caf70c4eb1bf5ca6844f2289594c
SHA512

62a11e3b3e57f953763f292a752f06663348c07d5b59fc6094a71a5cff91ccf1aa18c373f744540ae5b1d60d675b85e7ddc11489dee9b47da5d93f70bb573e27
SSDEEP

1572864:dvhQ6lUWCWSk8IpG7V+VPhqIUE7WTylPj4iY4MHHLeqPNLtDaEKlZi2BUO:dvh1mTWSkB05awIATy5nMHVLteNlNBn

Score

10^/10

Malware Config

Targets

- Target
  
  Tempures Setup.exe
- Size
  
  75.7MB
- MD5
  
  c790ffc804f1d18899c14fc6a948643e
- SHA1
  
  360a3c77fb2e941832880697b1a2f82af1d7ff2b
- SHA256
  
  dfeedb9e817266b897dea29d99e23f599d47caf70c4eb1bf5ca6844f2289594c
- SHA512
  
  62a11e3b3e57f953763f292a752f06663348c07d5b59fc6094a71a5cff91ccf1aa18c373f744540ae5b1d60d675b85e7ddc11489dee9b47da5d93f70bb573e27
- SSDEEP
  
  1572864:dvhQ6lUWCWSk8IpG7V+VPhqIUE7WTylPj4iY4MHHLeqPNLtDaEKlZi2BUO:dvh1mTWSkB05awIATy5nMHVLteNlNBn
Score

9^/10

discovery evasion execution persistence upx
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  discord_token_grabber.pyc
- Size
  
  8KB
- MD5
  
  849e6942b15c2008c7641432902645f5
- SHA1
  
  60942191e1ab3c6d3edf697b57d09c1620c51710
- SHA256
  
  fa4ec025ef2d20b6ebd19803e7131f6b540a7ba14d6769bfd62c37fb875a134b
- SHA512
  
  0e6611f100ea22b2d5d5632cd099f87d57696b73bb9c9d10dde98477b2bb1ff927816b54ee005e07df49d6897f36ad3d858ac142ae082d25800f07597f67248a
- SSDEEP
  
  192:ESB7osP1MJaugQXaafNqaclHJLOq3ZJFD/b8xjJzdJv:TP1iavQTqacyq35D0Fnv
Score

3^/10
behavioral2
- Target
  
  get_cookies.pyc
- Size
  
  5KB
- MD5
  
  2754e3152f668e31fccca7b6f275716b
- SHA1
  
  e9ed74d679a96372c4457e72bc6639a4d96a2378
- SHA256
  
  f7e8a57b54489b5b3de66a1d21534ced3d2a2fb1ce8d03c69d4672e62aa00dca
- SHA512
  
  a8331f1c179ed97e6f3821cd41953a5ef8a0b63b6d39022cd3f7980494eff8f00b4367301509014e83c410ed4a6db8e4441f8f3547b682aca250bc4fa29f0f47
- SSDEEP
  
  96:STUBj1Mvk80VDdybA6HUicwKD7dxWeBJKZLpMglcTK94:wsSl0fQfUpwKfhijMgGW94
Score

3^/10
behavioral3
- Target
  
  misc.pyc
- Size
  
  2KB
- MD5
  
  bcb404423ac51f798753e8d11e401071
- SHA1
  
  9080018dae3aa157e3a97904c86af06d4a0a6873
- SHA256
  
  572b18ccb1838f23714fae1c8cbb399a08796b1eb846960d5463d40ee784fe5a
- SHA512
  
  25a2997cff19308956086ae4e464f5039e53149043f094f2a65dae4dfa78b6410650a3c4d1514511f23c6bf77228772fa7b8a3cf5119e4ed46edb65ac40ff800
Score

3^/10
behavioral4
- Target
  
  passwords_grabber.pyc
- Size
  
  4KB
- MD5
  
  8b9cbd29c3dfec519a4313b1b7a0069b
- SHA1
  
  5efb073593bc8908a7514dad78673c9d65344a6f
- SHA256
  
  589d438226abfec8f71ab7724c68011303f82febb6786fd0c57571b0769764f3
- SHA512
  
  c0099bcf2d23dd405b2e02e1fd1b946195015eabb1cbd2ce4896f1ab7e5bbc1fbe6600fa529087b5dc295c13219fb6bc1a6ac97efa4c0fc74901f70278c09bfd
- SSDEEP
  
  96:2APDnTWeYwDTgWxiX79GzTOjYUyWkUUNPIslLClDWJpR6Yn:TzCUDxiLATmeEUNP/lL3JpsYn
Score

3^/10
behavioral5
- Target
  
  source_prepared.pyc
- Size
  
  65KB
- MD5
  
  515c9144beed028f03e422991343eed7
- SHA1
  
  ce1bd7a625a7b1275106774f4f23a6051e284b7d
- SHA256
  
  b00097465c47d9a1ddaad9374d67d00cc50ea20b3542603bb81d424202437661
- SHA512
  
  fe2e559a7c053666d201d1c054e17bac86aeba32ad4ded786469c8492d0b64d1e1cb9382fd36b38b974dd8f6880533783270d726d32aa52d0ec377c84b36a807
- SSDEEP
  
  768:20BGU6NlgVgaA6RRaAZJjLwBjIgevrBYCFjUBJ29EW4VHjrlbedBDoeUgLiLmC/a:20mgVguasyBj1uYCFjUTH/IdBDoTLBxg
Score

3^/10
behavioral6