pysilon | 6f5420be6cee7c98ea85f532ee5af9596f74d041a16a0d3555c95f0b11571c92

General

Target

source_prepared.exe
Size

76.0MB
Sample

241115-enet5syfjq
MD5

68e90c5803d7b873c5324afd8cab0ec1
SHA1

ff1853fc6384789f69d5939fb89fb5b83ae04196
SHA256

6f5420be6cee7c98ea85f532ee5af9596f74d041a16a0d3555c95f0b11571c92
SHA512

ccc4ae05fe4fd1ab66ec5ce19092b020c8dd2df8ebf485860447071ad29e7f2b756912201e7c239accb66d067a8a40022e99a676bbdd8c199d43684118b3fa00
SSDEEP

1572864:E8Vl/WJB0ASk8IpG7V+VPhqvsE7WCglKsiY4MHHLeqPNLtDhIveZ2YR1:EKRkSkB05awvYCgMnMHVLt9Ivep

Score

10^/10

Malware Config

Targets

- Target
  
  source_prepared.exe
- Size
  
  76.0MB
- MD5
  
  68e90c5803d7b873c5324afd8cab0ec1
- SHA1
  
  ff1853fc6384789f69d5939fb89fb5b83ae04196
- SHA256
  
  6f5420be6cee7c98ea85f532ee5af9596f74d041a16a0d3555c95f0b11571c92
- SHA512
  
  ccc4ae05fe4fd1ab66ec5ce19092b020c8dd2df8ebf485860447071ad29e7f2b756912201e7c239accb66d067a8a40022e99a676bbdd8c199d43684118b3fa00
- SSDEEP
  
  1572864:E8Vl/WJB0ASk8IpG7V+VPhqvsE7WCglKsiY4MHHLeqPNLtDhIveZ2YR1:EKRkSkB05awvYCgMnMHVLt9Ivep
Score

9^/10

evasion execution persistence upx
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  discord_token_grabber.pyc
- Size
  
  8KB
- MD5
  
  6b2aaa23f9b67dca5fa0efd9d96e9060
- SHA1
  
  07293442aa33cbc0afc1b69af287b1fede2e9a70
- SHA256
  
  f49ba791814001b3d4101685bfebb635cdaf3103407a08171bb5d6bbe3e79c77
- SHA512
  
  bcd7b41e7758b30954b0e24db5d53d3d904b6c4b9a5105bd33e5dddddb310614cc09a028d0cd8ccb6a272ce5eba0e9142a1cc36ec848b54fb99b695752b5e20d
- SSDEEP
  
  192:ESB7osP1MJaugwXaafNqaclHJLOq3ZJFD/b8xjJzdJv:TP1iavwTqacyq35D0Fnv
Score

3^/10
behavioral2
- Target
  
  get_cookies.pyc
- Size
  
  5KB
- MD5
  
  2754e3152f668e31fccca7b6f275716b
- SHA1
  
  e9ed74d679a96372c4457e72bc6639a4d96a2378
- SHA256
  
  f7e8a57b54489b5b3de66a1d21534ced3d2a2fb1ce8d03c69d4672e62aa00dca
- SHA512
  
  a8331f1c179ed97e6f3821cd41953a5ef8a0b63b6d39022cd3f7980494eff8f00b4367301509014e83c410ed4a6db8e4441f8f3547b682aca250bc4fa29f0f47
- SSDEEP
  
  96:STUBj1Mvk80VDdybA6HUicwKD7dxWeBJKZLpMglcTK94:wsSl0fQfUpwKfhijMgGW94
Score

3^/10
behavioral3
- Target
  
  misc.pyc
- Size
  
  2KB
- MD5
  
  bcb404423ac51f798753e8d11e401071
- SHA1
  
  9080018dae3aa157e3a97904c86af06d4a0a6873
- SHA256
  
  572b18ccb1838f23714fae1c8cbb399a08796b1eb846960d5463d40ee784fe5a
- SHA512
  
  25a2997cff19308956086ae4e464f5039e53149043f094f2a65dae4dfa78b6410650a3c4d1514511f23c6bf77228772fa7b8a3cf5119e4ed46edb65ac40ff800
Score

3^/10
behavioral4
- Target
  
  passwords_grabber.pyc
- Size
  
  4KB
- MD5
  
  8b9cbd29c3dfec519a4313b1b7a0069b
- SHA1
  
  5efb073593bc8908a7514dad78673c9d65344a6f
- SHA256
  
  589d438226abfec8f71ab7724c68011303f82febb6786fd0c57571b0769764f3
- SHA512
  
  c0099bcf2d23dd405b2e02e1fd1b946195015eabb1cbd2ce4896f1ab7e5bbc1fbe6600fa529087b5dc295c13219fb6bc1a6ac97efa4c0fc74901f70278c09bfd
- SSDEEP
  
  96:2APDnTWeYwDTgWxiX79GzTOjYUyWkUUNPIslLClDWJpR6Yn:TzCUDxiLATmeEUNP/lL3JpsYn
Score

3^/10
behavioral5
- Target
  
  source_prepared.pyc
- Size
  
  65KB
- MD5
  
  06cd5ccd0f2f2924b4ca79e6631e8558
- SHA1
  
  29ff98bfef560e2832509e8b50482176d9ca7638
- SHA256
  
  bf6adc24a716e6a79b5f36a991a189c936e14df0a2c8cf2fea75a8a99607c2ac
- SHA512
  
  6148b7bd866cbf72b7a7fffcf9793b1e19149a7fbe11788400f6a47bf4342ce27dac5bb257556c4a259722e8d7b62a3a459b2fec759f8cbc7224ac2e3fbbb3dd
- SSDEEP
  
  1536:iaOwgVgKeAyBj1uYCFjU7x/IdBdoTupxU:Ywg2VDBkFw7xodop
Score

3^/10
behavioral6