pysilon | 4919a549a552e26a10c9cda5518928c373404b072690c338f5821c34218cf2bd

Resubmissions

17-11-2024 05:10

241117-ft8j3swnck 10

Sharing

Copy URL

Twitter E-mail

General

Target

Newm.zip
Size

85.7MB
Sample

241117-ft8j3swnck
MD5

27a4a1fea064a22a5018ef87a5ae0d7f
SHA1

96643d7880e4c570bd72ea18d3e087a1ce6cd27e
SHA256

4919a549a552e26a10c9cda5518928c373404b072690c338f5821c34218cf2bd
SHA512

8c2b01238929adaa4a2e06e47231cff04512a4daa3065e2e46c0236512935923f3f9e88f5e3295e04ccd9e257db725309cbb53b7055b8f7dd0c6f8614a536f16
SSDEEP

1572864:goxEFTLs+Vg0uSjg/3oDHRKchU5hv1r0a747Jeyuu10hfRuIo61VAGHFL/N:REx7g0R0/08cEtIJ10hJrV3D

Score

10^/10

Malware Config

Targets

- Target
  
  Fluxus.dll
- Size
  
  314KB
- MD5
  
  39380751ccb5ba67afe489aa449f7095
- SHA1
  
  bbada4d300f774f66a9f3cea28bd6a51d80b503a
- SHA256
  
  c3443ddfba264e9becf7d41400c1c43bb15b3fdd91bb883bccc9a3a85f6dab92
- SHA512
  
  681e17cc42f3d75a23c7e85ad3d62c34c0cc114130fefc9747456fb75a3db0f0cd2520697f1fa6b3216d6880ff448abfca4feed8eeff07ed628e0fd2bf1b69f6
- SSDEEP
  
  3072:SdcElZm+a6dBTmseX27WQqmYwSKiIwOby6bdxmYwSKqIfV:QZmj6Basem7WZN8by6bdxN
Score

1^/10
behavioral1 behavioral2
- Target
  
  Microsoft.Web.WebView2.Core.dll
- Size
  
  581KB
- MD5
  
  3d9465d5161ac2ab5a83265935514349
- SHA1
  
  5d40047faf2a166e6c25f106c244b5826bd0aad9
- SHA256
  
  24d1f432632c971456e6db676f609772b98d0cf3d3a5450c78d3dbb75744399e
- SHA512
  
  8d84de25fcb88ad6786de9f077612d356eed8726a50e9b6c44a3dff456ca8a160e0707cd1902b52e4890f97f4a5a72466ac149e71d1e790267141a6710ecc70d
- SSDEEP
  
  12288:1J3gR2NlLVbkHw20OFrpQ322ty+uFKcDEuRFNEMWeu+imQ269pRFZNIEJdIEY0lm:Hw
Score

1^/10
behavioral3 behavioral4
- Target
  
  Microsoft.Web.WebView2.WinForms.dll
- Size
  
  38KB
- MD5
  
  38310032e0b00f4f7e3b383817b6decb
- SHA1
  
  0f352d6d72127417f3d5c2e7e6f7ad2eb2cefe22
- SHA256
  
  4d33b7b82e865ce5760c322f341efbf41a2d3fa17572a88ae6ee2b226b85987d
- SHA512
  
  dc81b428e4ac21c2dc186bc6aa990318e1dc4df30357d5a57345ea5e80fde38c815928d90dcb032cfbef12818ee3e8e59ea6b6cbab499136d648bd1e454380be
- SSDEEP
  
  768:AHNaz0wClrsoZlQtZDgcEST3p4Jjrjh2je+SG2au8vxJKia5/Zi/ZG4Kzu6bWkZ9:WaInQtZDgcEST3p4Jjrjae+SG2au4xJU
Score

1^/10
behavioral5 behavioral6
- Target
  
  Microsoft.Web.WebView2.Wpf.dll
- Size
  
  81KB
- MD5
  
  b8766e71b537b000f020ae51284ab4cd
- SHA1
  
  4731f26cb74c8c2f6addea537dde860cd94321ac
- SHA256
  
  7b0ad54180a2b6c4443a68c93309c1e4196e9baaeb0a6c58ca5b192ed0ce8615
- SHA512
  
  b1e7d7dd971fd0fc8ce777ca0942add849f77de8a50a0ce4d117d18bee06dce4dd98622a4dbe44e11bc199646e388917255328191789c25f68f0809ee8eebc34
- SSDEEP
  
  1536:zbjmE+c3SOQgan6hp8dYNUDHfFWyEb30mpc4Jjr4YeUqiHhCU0NdnbvUufk/UaTo:zbAc3S3HnOp8yUDHfFC30mpc4Jjr4YeT
Score

1^/10
behavioral7 behavioral8
- Target
  
  Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  adf3e3eecde20b7c9661e9c47106a14a
- SHA1
  
  f3130f7fd4b414b5aec04eb87ed800eb84dd2154
- SHA256
  
  22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07
- SHA512
  
  6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b
- SSDEEP
  
  12288:mFIM0KteTMN4Or4D3OdmZg5WHEaEDIGBBjgrIQtD+tVqDMW:6zMTMNNd+g5Wk78GBBjgrIQtDF
Score

1^/10
behavioral10 behavioral9
- Target
  
  RealFlux.exe
- Size
  
  81.6MB
- MD5
  
  49d2d259962a3f7b57129a8247b0f39c
- SHA1
  
  adb0504fa1744456d74dd17d970b50d93a444788
- SHA256
  
  05312b95ca7e555a1612e6dbe1b90de8eacbd30192da0c5b30ff9da4b0b0b900
- SHA512
  
  cea56a05b6e0f505fa535054ca64c84e4df2e1b860ad4ff2fc617bfc3ee8e554b3987508b4c542b6d46c81ad4656095e10aa6387bf0313f122a7afa678ac6693
- SSDEEP
  
  1572864:0GKlqWLT0hSk8IpG7V+VPhqclE7plifiYgj+h58sMwAerxipjcJ5j:VKMPSkB05awcIwB5sersgj
Score

9^/10

upx discovery evasion execution persistence
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral11 behavioral12
- Target
  
  bin/Monaco/index.html
- Size
  
  164KB
- MD5
  
  8b696f783f4bac507c7d7adb9de8bc09
- SHA1
  
  5370b18e0e72fd116815fee85055629483680668
- SHA256
  
  1e6d8bb2c22fb87739c8a4acb726ed81b9ae07eea983326f4fe93f7b26f78d17
- SHA512
  
  29b3117257caf2a0e6edb66eaf6c60e6eef397bfbd56538f80caea89e5c35f2ba73b0504402219680a693c6e26531190b167e6bf6eec84ef41aa9ad2d1aca0f8
- SSDEEP
  
  3072:gKl34J09UmmJv8kBpZaFD48VOAGUWYPjDZlLJbRBiPEP8yKUz2Ojmjr8zM3KP7p7:d4J09BA3pZaFD48VOAGUWYPjdlLJbRBX
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral13 behavioral14
- Target
  
  bin/Monaco/vs/base/worker/workerMain.js
- Size
  
  133KB
- MD5
  
  d0ac5294c58e523cddf25bc6d785fa48
- SHA1
  
  1b3661b6db36f1b14fd80dc9a739bfc69c68dfe5
- SHA256
  
  e90d1a8f116fa74431117a3ad78dde16dde060a4bf7528dfe3d5a3ad6156504b
- SHA512
  
  fea07a1ea5d29a3b4c614248655f4d1ddd94c10c6a6b5c8b428a8b4c0cbec7e7492fa0665c5001e65ce167240ffdfc5ac2c2ed14da3d6f508ae8d8b3c8e8eebb
- SSDEEP
  
  3072:bzjH/zYJc5c/7tMLrJ78II4F9N8+em5W+:XjH/zYJc5c/76LrJ78I7BL
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  bin/Monaco/vs/basic-languages/lua/lua.js
- Size
  
  4KB
- MD5
  
  eebda1fdd970433750c115eae2f03865
- SHA1
  
  3f1a1cddb99dead013eac825eb418241656d4bf0
- SHA256
  
  ac729efb3164f48d6b08f74d4b15060c126a30d40fb4cd4fc9cc94f2e19bd7c7
- SHA512
  
  8b188f3ae73a14a9318dce9761312d9dd2360ab00ee36e83ca6b74288a109c91770954db7537fd84a76707a1e79528fffc97f3a718bcd924545b469a1363c9cb
- SSDEEP
  
  96:HDGAW6FJJJkCO8evcIWtdrvrg+1/sLMiWAOKjLobLMzD:BWCDqC20IWtZD92pzOKvomD
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  bin/Monaco/vs/editor/editor.main.js
- Size
  
  2.1MB
- MD5
  
  a7e3083cfe200263edfb4bf011b893a3
- SHA1
  
  18b52dc38e7a8a612892f5e60a08d9b19e1f472f
- SHA256
  
  9e2fb6171592f7a3c33d3b5baef58b516b36473ff7717bbd643574991923435e
- SHA512
  
  6bbb149102958e23c42accbbd18595fcfffd547bb826f2309956c036983692e83b7313567a42e50d98a1c946fab554e32b77ef4d0f8bc0cc7f0dda196fd7e23b
- SSDEEP
  
  24576:jFFExk98EXl2uRJxjP3Gdv6QLtQ2MbRpn:Yxk98EXl2ixjP3Gdv6QLtdMf
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  bin/Monaco/vs/editor/editor.main.nls.de.js
- Size
  
  46KB
- MD5
  
  d1fd2fb756c73970b9c5e0ba07bff708
- SHA1
  
  470057b3244886dccc9f6074297cc8bc2a9c1b39
- SHA256
  
  cb1c3416ff242a738c45c3b2590d7d222b159a95a69ce3b7b8d7c8d18ea70828
- SHA512
  
  db2432182ff4c85fcca5093d0e433ed9cf5bed3ea3db9ed82fedc87af4d260e0d0f29ff67f0b8ac78e162586a74998ad082a91e8f9a76717827a83d5b2f775cf
- SSDEEP
  
  768:ocuLC1xYdRB1a3Xq1GdigBoQqAaI/QQUEYPxFpXT1kF7bJZYmz7lehjDWMQRBk3Z:oclxgVuXq1GdiRQqAaI/QvEYPxFpDkbg
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  bin/Monaco/vs/editor/editor.main.nls.es.js
- Size
  
  46KB
- MD5
  
  36f546b28ca17ece9f8eb9bcf8344e13
- SHA1
  
  d43934b9041587799e332b2f568aa81666227258
- SHA256
  
  327437ee3793e9ae0686c78196b459592c282ed2e86f95ce28d32693b76d7654
- SHA512
  
  13f8cc23038c07b6840514db4fc7b503b7a38ae1ec3baab44f1bfbded40ac50ae03c05c754f9678eecd0c8fcefab958152b39b731068b8c2c976c4c57e97f36d
- SSDEEP
  
  768:oX8nKFyVgAYwTQG8zHqIkGMvnmvoKA9OfxjB3EVuU13pjbazPn0ANy7+IkLDKPp9:oMKFyVRcdzHqIkGMvnmvoKA9OfxjB3E5
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  bin/Monaco/vs/editor/editor.main.nls.fr.js
- Size
  
  49KB
- MD5
  
  1a29080733878dd44e0c118e84cd0c39
- SHA1
  
  60c158e23962b11918f6cae26445fad5b63bc65a
- SHA256
  
  6ed837dc1905c06a20d102921ff06a0bda003c5368ed0576bf7e69494e889ae8
- SHA512
  
  5cc68cabb583100320d7c875fd7c46f5c618c3968ac2a7c2b60f90ec74b29349a557049c17d5c851cabb54d5ef26cd65e8d2288d70b62ede06ee1762e25dbd60
- SSDEEP
  
  768:op8flgb2uZ5CcXQ6Q3edz3uzATaY3l0y+wj90TWIvkU5BkREPTtOjNjZocYV3A4k:owliv5Ccg67SATaYVKPkRskjNGBAa3k
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  bin/Monaco/vs/editor/editor.main.nls.it.js
- Size
  
  48KB
- MD5
  
  18e88f58301ad5ae926204507ab99c6b
- SHA1
  
  8eb03235312e88b941f3be212c0efa12b24e6d5f
- SHA256
  
  4fe2c4420294758883e134bdf7da9e6c2abf631d3a89c765f32f6c1d0f62653c
- SHA512
  
  f66283ec4182e9062f9f03a83acb3f2a49b98fb9ef67e48eaf5227236919ca279831b822fcb3ae252cfeafd81d12fe9c89a2843d91ab140a2b79b6bbc1d4f013
- SSDEEP
  
  768:opTEy7izsuMa01VaiYR2L8XoXNj8YtvnYbP4ymMb3d/gyKJdnPTrysribj5K3m05:of7fQ2qd4yq2FA1J1qn4VN7CgL
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  bin/Monaco/vs/editor/editor.main.nls.ja.js
- Size
  
  52KB
- MD5
  
  3bf851cc70f515cbbe1d39da93e4f041
- SHA1
  
  88fe6323bbe14b55b6eec078574318e8474be613
- SHA256
  
  1f3556ea7233843b9e08b3c97b6727c533d702563e195c2090a438070dc85f0f
- SHA512
  
  61ffe9ec3550d2f8dfbc30d7d61327584833bb714a9d2cfc9788449190089dbdeaa293bb9921a43da782e1c36b7d242e13ac052b46210d2e79793626e921169d
- SSDEEP
  
  384:hyd/PwPtm+04LZ+FFHr0ZA9qOSTvvIEveG1vz14NdahWMpA1Uj4vHbX3IPDScLBV:olP4LsIOCaT3lJr/Tvk6892vU1ssD
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  bin/Monaco/vs/editor/editor.main.nls.js
- Size
  
  38KB
- MD5
  
  e871d4d9539c26d7d2bf32801ebdecf0
- SHA1
  
  711460f619ef09fa23d272d97bfc00593a5319a8
- SHA256
  
  5ff0084e6a7eee82a735616239aaf2190ea9d90e89e19340831f3d590828016a
- SHA512
  
  b6b9bf96c132db9dfc99d70320231630fc46a8a83f500d8e4f677e2d03206364f2666946f69061dcba2e759f005261dae1ece73e054aa56b8210551bc353cced
- SSDEEP
  
  384:hy38McmvQkKEQq4xlX7lrp1E1bIJUeYB4jV87XfVGT3H6Sq6Q4wCJjoce1u6I7JS:o38M7fQq4xPj7+lJcYYKqkGSVetbesy
Score

3^/10

execution
behavioral31 behavioral32