pysilon | e1005d3a16bbe9399e457558208bb31f4777f25d4775fc7d4f42aa0a3606f494

General

Target

source_prepared.exe
Size

76.0MB
Sample

241115-ez95esygmc
MD5

45540fc7859119828f22066e79509b16
SHA1

4f04ddff27a4606f20598b0bcc614eb3f1b64d8b
SHA256

e1005d3a16bbe9399e457558208bb31f4777f25d4775fc7d4f42aa0a3606f494
SHA512

1da61a084093e53b67c0f544cc9efc5ba10de602ed96c510d0f3f68564afe2c3bf4b90e6ffc1ef15613d03e78291bebf6a180851a3ac0e2979e3f5a4ac16fbae
SSDEEP

1572864:d8Vl/WQ0ASk8IpG7V+VPhqvsE7WCglKsiY4MHHLeqPNLtDqGU+ZZ8H2A:dKR9SkB05awvYCgMnMHVLteGU+Y

Score

10^/10

Malware Config

Targets

- Target
  
  source_prepared.exe
- Size
  
  76.0MB
- MD5
  
  45540fc7859119828f22066e79509b16
- SHA1
  
  4f04ddff27a4606f20598b0bcc614eb3f1b64d8b
- SHA256
  
  e1005d3a16bbe9399e457558208bb31f4777f25d4775fc7d4f42aa0a3606f494
- SHA512
  
  1da61a084093e53b67c0f544cc9efc5ba10de602ed96c510d0f3f68564afe2c3bf4b90e6ffc1ef15613d03e78291bebf6a180851a3ac0e2979e3f5a4ac16fbae
- SSDEEP
  
  1572864:d8Vl/WQ0ASk8IpG7V+VPhqvsE7WCglKsiY4MHHLeqPNLtDqGU+ZZ8H2A:dKR9SkB05awvYCgMnMHVLteGU+Y
Score

9^/10

evasion execution persistence upx
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  discord_token_grabber.pyc
- Size
  
  8KB
- MD5
  
  6b2aaa23f9b67dca5fa0efd9d96e9060
- SHA1
  
  07293442aa33cbc0afc1b69af287b1fede2e9a70
- SHA256
  
  f49ba791814001b3d4101685bfebb635cdaf3103407a08171bb5d6bbe3e79c77
- SHA512
  
  bcd7b41e7758b30954b0e24db5d53d3d904b6c4b9a5105bd33e5dddddb310614cc09a028d0cd8ccb6a272ce5eba0e9142a1cc36ec848b54fb99b695752b5e20d
- SSDEEP
  
  192:ESB7osP1MJaugwXaafNqaclHJLOq3ZJFD/b8xjJzdJv:TP1iavwTqacyq35D0Fnv
Score

3^/10
behavioral2
- Target
  
  get_cookies.pyc
- Size
  
  5KB
- MD5
  
  2754e3152f668e31fccca7b6f275716b
- SHA1
  
  e9ed74d679a96372c4457e72bc6639a4d96a2378
- SHA256
  
  f7e8a57b54489b5b3de66a1d21534ced3d2a2fb1ce8d03c69d4672e62aa00dca
- SHA512
  
  a8331f1c179ed97e6f3821cd41953a5ef8a0b63b6d39022cd3f7980494eff8f00b4367301509014e83c410ed4a6db8e4441f8f3547b682aca250bc4fa29f0f47
- SSDEEP
  
  96:STUBj1Mvk80VDdybA6HUicwKD7dxWeBJKZLpMglcTK94:wsSl0fQfUpwKfhijMgGW94
Score

3^/10
behavioral3
- Target
  
  misc.pyc
- Size
  
  2KB
- MD5
  
  bcb404423ac51f798753e8d11e401071
- SHA1
  
  9080018dae3aa157e3a97904c86af06d4a0a6873
- SHA256
  
  572b18ccb1838f23714fae1c8cbb399a08796b1eb846960d5463d40ee784fe5a
- SHA512
  
  25a2997cff19308956086ae4e464f5039e53149043f094f2a65dae4dfa78b6410650a3c4d1514511f23c6bf77228772fa7b8a3cf5119e4ed46edb65ac40ff800
Score

3^/10
behavioral4
- Target
  
  passwords_grabber.pyc
- Size
  
  4KB
- MD5
  
  8b9cbd29c3dfec519a4313b1b7a0069b
- SHA1
  
  5efb073593bc8908a7514dad78673c9d65344a6f
- SHA256
  
  589d438226abfec8f71ab7724c68011303f82febb6786fd0c57571b0769764f3
- SHA512
  
  c0099bcf2d23dd405b2e02e1fd1b946195015eabb1cbd2ce4896f1ab7e5bbc1fbe6600fa529087b5dc295c13219fb6bc1a6ac97efa4c0fc74901f70278c09bfd
- SSDEEP
  
  96:2APDnTWeYwDTgWxiX79GzTOjYUyWkUUNPIslLClDWJpR6Yn:TzCUDxiLATmeEUNP/lL3JpsYn
Score

3^/10
behavioral5
- Target
  
  source_prepared.pyc
- Size
  
  65KB
- MD5
  
  443dff3a5b60e2fea435a5bc5ee9ff22
- SHA1
  
  8531916c0a4fa3eec203df0986a2e2aa1bab6447
- SHA256
  
  489724848227abb4657be1c28873f6c23385fe5c5488505d79909e4d43e5b4d4
- SHA512
  
  86cde44053797d1bdd94037d0e0c1f157bcf5c9126d50643264141970a6ca7a8cc3b6947b9810f0463c1223da76255ae3737264390ca93c3fc0a710fcf7cd46e
- SSDEEP
  
  1536:IaUgVgJPkBBj1uYCFjUIOihdBsoGwjRQ53:Qg2FkBkFwIOCsoD0
Score

3^/10
behavioral6