pysilon | 3f4e1e12a93dd6b5371a5e35ae6a01e730bb82b303c51bce6bbd1fc7a3484f58

General

Target

source_prepared.exe
Size

81.1MB
Sample

241019-vc87lsydrp
MD5

534616723045a1acde3e3f732bd247d9
SHA1

27790d766585d35ba2c6da919eefb20725acd8e6
SHA256

3f4e1e12a93dd6b5371a5e35ae6a01e730bb82b303c51bce6bbd1fc7a3484f58
SHA512

94eebd4c04cf3f1490b1d473d3dc711267e85d847fc15406233634959a538f7ffafc358787d11611459ab4d98bfcc85722543bb9fcb1ed5cdc9ba3c85a50c69b
SSDEEP

1572864:+GKlEWpk0bSk8IpG7V+VPhqYdfmE7cliwiYgj+h58sMwcy+DOiwJq:vKewXSkB05awcf0wy5wyU/

Score

10^/10

Malware Config

Targets

- Target
  
  source_prepared.exe
- Size
  
  81.1MB
- MD5
  
  534616723045a1acde3e3f732bd247d9
- SHA1
  
  27790d766585d35ba2c6da919eefb20725acd8e6
- SHA256
  
  3f4e1e12a93dd6b5371a5e35ae6a01e730bb82b303c51bce6bbd1fc7a3484f58
- SHA512
  
  94eebd4c04cf3f1490b1d473d3dc711267e85d847fc15406233634959a538f7ffafc358787d11611459ab4d98bfcc85722543bb9fcb1ed5cdc9ba3c85a50c69b
- SSDEEP
  
  1572864:+GKlEWpk0bSk8IpG7V+VPhqYdfmE7cliwiYgj+h58sMwcy+DOiwJq:vKewXSkB05awcf0wy5wyU/
Score

9^/10

evasion execution persistence upx
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  discord_token_grabber.pyc
- Size
  
  17KB
- MD5
  
  e523026b612006e580e96bd9e2a8882c
- SHA1
  
  03b9938701f7eff11a0c3632ed805e8188598c88
- SHA256
  
  8ae6baddc552f9a47c488760a3d3b04f217f7c999dbffc1a548bb09532e6bf77
- SHA512
  
  a0f15f5edecbab4894aa3b85092fc2bde34b76f6048b198ce387d59a56d6c74969201cc43d19cd27a9ff0a6ab72268884a90ef206f0be34a5707a7f6ea24a853
- SSDEEP
  
  384:cGllyAavwS9F0RW807PPQviowoYbCj+Mo8WWIc02a8:cIlytvX9iRW8inQ6owoYOyM0d2a8
Score

3^/10
behavioral2
- Target
  
  get_cookies.pyc
- Size
  
  10KB
- MD5
  
  b38f506528b3d6d5dbd851426c347b95
- SHA1
  
  e91bf4ef42128267934e21be0176e552480f5977
- SHA256
  
  85a7c34afad2c270ca690a5b4c30cc8bf16967e623fc77f4de4497901030a93b
- SHA512
  
  ab110dc92eba564fd0ec6c6a75e779f588518dc1aa461f072ab02b96bc11fbe25e09faa6a556dc6a127c3e8826382697b72037a0cefbdaf32fd70a723e746295
- SSDEEP
  
  192:TzOCIeinQfUF9LdwOEVOFc1mNe47+o+zEzzzzz1zz+HoowAE:TzOUiQccEe4KoOIAE
Score

3^/10
behavioral3
- Target
  
  misc.pyc
- Size
  
  5KB
- MD5
  
  31aa260c6cdeaa9d942cd0dcfcadd16a
- SHA1
  
  a6818f3acf5c2ab9d65b41a81cb92b36b85cc932
- SHA256
  
  b522284f1a7e518c269c0414160407ec7834a4397f85ef389433b49367b5df9c
- SHA512
  
  0dd277ef948315a3554bd8c5110e27afa9b2eac88defc1211771c050cdd27b3668484dec35ec5c5010bff00b62c2cebd9e7286c0b114ad28437719b42bd0fc2c
- SSDEEP
  
  96:DSajAihmJG4n3B4SmSSSSlSSSShDwegPbbVxlj0nIAEDS5ejmw01k9Bddpq:eYAfn3ySmSSSSlSSSSeeOPVxx0nIAZeQ
Score

3^/10
behavioral4
- Target
  
  passwords_grabber.pyc
- Size
  
  8KB
- MD5
  
  704dced7f7530b19a34a5f7a71c26b10
- SHA1
  
  608d9647488cfa2b5f84a891028168a973bfcfa9
- SHA256
  
  1fd284f1e27263bd2a16050c6989933a382c7d196f4c9f247187cc3b3f6ba3ac
- SHA512
  
  e4a6710abef2c45d631745c91d8135873be06e5b240a61362e341d05ecc1dedf885487a554b648c328a3c5cc17fcf74e6d066b2e3f51379358ba28c2a0f2f39f
- SSDEEP
  
  192:+CE34EAL/GFf/PomdPO23NsDmqFUhkxNivLI9dRvL:Y4EAL/AfRBO8NsxuOxNn
Score

3^/10
behavioral5
- Target
  
  source_prepared.pyc
- Size
  
  178KB
- MD5
  
  aed8b627dec1f3e1fa99a1d1fc04557d
- SHA1
  
  30dafbe900c686f9120f3d3c051f628ef3affbb2
- SHA256
  
  6599f21ab17b6b70cf506086c1274510547b69c1dfa579c1878b482de28c28d6
- SHA512
  
  0a505f89559903e3c54a3eaabe083206c90d5b742710ef481e7b38fb8b8bb3d8f2b6684f9f7a27a858c91cd1edad8ca22606e8a6c679f2176d5bcd8496447116
- SSDEEP
  
  3072:1HgLaO4A98cczoWPEtelZN+tLZaaD5Egp7SaCknA:2WOZ8hoW8cN+dZaaD5Egp79CR
Score

3^/10
behavioral6