pysilon | b32c77e3ac0029a200f28a72212e3f96198200760b8e3aaff94c2de36abfd95b | Triage

Sharing

General

Target

Solara.exe
Size

107.3MB
Sample

241011-qcv8jatdnc
MD5

798f7a824214e2329d5d4ca474d7db66
SHA1

b15f8864f4ffb0e552a832842286e6055201bf95
SHA256

b32c77e3ac0029a200f28a72212e3f96198200760b8e3aaff94c2de36abfd95b
SHA512

40f2684d5b41e2f1592e3969876e87e483ff0b2d515102befe0d3c993cfb6fb67eac1dec76aaeb14924e8bd5314423f3a8ec1d5e21a30c90780941d5d23c8973
SSDEEP

3145728:JN5L8iS6xjKcBa6/2qHO5i/p0nG0iWMstB2OxARE:vtJSWNa6NHCixiieB

Score

10^/10

pysilon evasion execution persistence pyinstaller

Malware Config

Targets

- Target
  
  Solara.exe
- Size
  
  107.3MB
- MD5
  
  798f7a824214e2329d5d4ca474d7db66
- SHA1
  
  b15f8864f4ffb0e552a832842286e6055201bf95
- SHA256
  
  b32c77e3ac0029a200f28a72212e3f96198200760b8e3aaff94c2de36abfd95b
- SHA512
  
  40f2684d5b41e2f1592e3969876e87e483ff0b2d515102befe0d3c993cfb6fb67eac1dec76aaeb14924e8bd5314423f3a8ec1d5e21a30c90780941d5d23c8973
- SSDEEP
  
  3145728:JN5L8iS6xjKcBa6/2qHO5i/p0nG0iWMstB2OxARE:vtJSWNa6NHCixiieB
Score

9^/10

evasion execution persistence
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

File and Directory Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

pyinstallerpysilon

behavioral1

evasionexecutionpersistence