pysilon | 7a06809e8d9bf6fcdf17cd0aeb098c88adc4bcc4d3beebb735985a0b7a424809 | Triage

Submit
Reports

Overview

overview

Static

static

Snail Temp...mp.exe

windows7-x64

7

Snail Temp...mp.exe

windows10-2004-x64

9

Resubmissions

14-10-2024 21:59

241014-1whrnasdpp 10

13-10-2024 18:37

241013-w9hatswdnl 10

Sharing

General

Target

SnailTemp.rar
Size

77.3MB
Sample

241013-w9hatswdnl
MD5

fdcdb144382829b7dbbf568c4d3045bf
SHA1

375482015da697b8aae4b2c33bbf268a8e539afd
SHA256

7a06809e8d9bf6fcdf17cd0aeb098c88adc4bcc4d3beebb735985a0b7a424809
SHA512

4cae27439f6162bddc75216d0c419efb98f25aea2c4c4339315b29f3822ebe0a22ba81dda89181169fe4d07bb25a3f67b021f3283ee4c0387051792044105d07
SSDEEP

1572864:q0e/NKuNTsqOdwDxfiK8e+VRp+pNawjE7SnrerSLVVc8jnaojxg9l:q0eVVNd6wqLpKhoArerSLc8jOD

Score

10^/10

pysilon evasion execution persistence pyinstaller upx

Static task

static1

pyinstaller pysilon

4 signatures

Behavioral task

behavioral1

Sample

Snail Temp/Snail Temp.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Snail Temp/Snail Temp.exe

Resource

win10v2004-20241007-en

evasion execution persistence upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  Snail Temp/Snail Temp.exe
- Size
  
  80.3MB
- MD5
  
  8fd292ec59f027ee39c184f767e9c353
- SHA1
  
  7c7a9a08fecfcf95d532fb72014ebd031c8a6407
- SHA256
  
  bb91a8a6cbc909c53636590addcfe12d0184c536cdc64a74aa1e012af686fcda
- SHA512
  
  fe7ac31cfa67448f060bb2aa33d6b4667c72ec83ef58f0e2e6ada3c198874e4022a2da248e5d8e4771a77e0ab13ddd7865492e1419134f2def4b31af5160034b
- SSDEEP
  
  1572864:LvxZQglwWLcfZSk8IpG7V+VPhqclE7hliQiYgj+h58sMwr9TabkcJzU:LvxZxqdfZSkB05awcYwS5X9O/U
Score

9^/10

upx evasion execution persistence
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

File and Directory Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallerpysilon

behavioral1

behavioral2

evasionexecutionpersistenceupx

© 2018-2025

Terms | Privacy