pysilon | ebbb7103dd5a683e6cda47c52e62ed81e3f58a64ec4f255250a89d4e5c155f8d

General

Target

source_prepared.exe
Size

79.0MB
Sample

241122-jhmp1swqct
MD5

90258e10c0572e41e2927e3631c24ad3
SHA1

81dde3c01838426bcab921638bac2da69903a6f5
SHA256

ebbb7103dd5a683e6cda47c52e62ed81e3f58a64ec4f255250a89d4e5c155f8d
SHA512

0ba1cb8729be3c2f915513541857f60fa1edefc0e84654200fadc8e8e36204f968860592169b05a121a80c4fdd7c6e28469538beabd6a7f63c7e9813172ada48
SSDEEP

1572864:eGKlqWL8Sk8IpG7V+VPhqcvE7plifiYgj+h58sMw0erSEpDcJ5j:PKM5SkB05awccwB5gerv0j

Score

10^/10

Malware Config

Targets

- Target
  
  source_prepared.exe
- Size
  
  79.0MB
- MD5
  
  90258e10c0572e41e2927e3631c24ad3
- SHA1
  
  81dde3c01838426bcab921638bac2da69903a6f5
- SHA256
  
  ebbb7103dd5a683e6cda47c52e62ed81e3f58a64ec4f255250a89d4e5c155f8d
- SHA512
  
  0ba1cb8729be3c2f915513541857f60fa1edefc0e84654200fadc8e8e36204f968860592169b05a121a80c4fdd7c6e28469538beabd6a7f63c7e9813172ada48
- SSDEEP
  
  1572864:eGKlqWL8Sk8IpG7V+VPhqcvE7plifiYgj+h58sMw0erSEpDcJ5j:PKM5SkB05awccwB5gerv0j
Score

9^/10

evasion execution persistence upx
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  discord_token_grabber.pyc
- Size
  
  17KB
- MD5
  
  e523026b612006e580e96bd9e2a8882c
- SHA1
  
  03b9938701f7eff11a0c3632ed805e8188598c88
- SHA256
  
  8ae6baddc552f9a47c488760a3d3b04f217f7c999dbffc1a548bb09532e6bf77
- SHA512
  
  a0f15f5edecbab4894aa3b85092fc2bde34b76f6048b198ce387d59a56d6c74969201cc43d19cd27a9ff0a6ab72268884a90ef206f0be34a5707a7f6ea24a853
- SSDEEP
  
  384:cGllyAavwS9F0RW807PPQviowoYbCj+Mo8WWIc02a8:cIlytvX9iRW8inQ6owoYOyM0d2a8
Score

3^/10
behavioral2
- Target
  
  get_cookies.pyc
- Size
  
  10KB
- MD5
  
  b38f506528b3d6d5dbd851426c347b95
- SHA1
  
  e91bf4ef42128267934e21be0176e552480f5977
- SHA256
  
  85a7c34afad2c270ca690a5b4c30cc8bf16967e623fc77f4de4497901030a93b
- SHA512
  
  ab110dc92eba564fd0ec6c6a75e779f588518dc1aa461f072ab02b96bc11fbe25e09faa6a556dc6a127c3e8826382697b72037a0cefbdaf32fd70a723e746295
- SSDEEP
  
  192:TzOCIeinQfUF9LdwOEVOFc1mNe47+o+zEzzzzz1zz+HoowAE:TzOUiQccEe4KoOIAE
Score

3^/10
behavioral3
- Target
  
  misc.pyc
- Size
  
  5KB
- MD5
  
  31aa260c6cdeaa9d942cd0dcfcadd16a
- SHA1
  
  a6818f3acf5c2ab9d65b41a81cb92b36b85cc932
- SHA256
  
  b522284f1a7e518c269c0414160407ec7834a4397f85ef389433b49367b5df9c
- SHA512
  
  0dd277ef948315a3554bd8c5110e27afa9b2eac88defc1211771c050cdd27b3668484dec35ec5c5010bff00b62c2cebd9e7286c0b114ad28437719b42bd0fc2c
- SSDEEP
  
  96:DSajAihmJG4n3B4SmSSSSlSSSShDwegPbbVxlj0nIAEDS5ejmw01k9Bddpq:eYAfn3ySmSSSSlSSSSeeOPVxx0nIAZeQ
Score

3^/10
behavioral4
- Target
  
  passwords_grabber.pyc
- Size
  
  8KB
- MD5
  
  704dced7f7530b19a34a5f7a71c26b10
- SHA1
  
  608d9647488cfa2b5f84a891028168a973bfcfa9
- SHA256
  
  1fd284f1e27263bd2a16050c6989933a382c7d196f4c9f247187cc3b3f6ba3ac
- SHA512
  
  e4a6710abef2c45d631745c91d8135873be06e5b240a61362e341d05ecc1dedf885487a554b648c328a3c5cc17fcf74e6d066b2e3f51379358ba28c2a0f2f39f
- SSDEEP
  
  192:+CE34EAL/GFf/PomdPO23NsDmqFUhkxNivLI9dRvL:Y4EAL/AfRBO8NsxuOxNn
Score

3^/10
behavioral5
- Target
  
  source_prepared.pyc
- Size
  
  163KB
- MD5
  
  501d67e8b8792d8030793a33bcd7bc0d
- SHA1
  
  16071a87fd6ec64d22f4383314c1d4fa82fad428
- SHA256
  
  2f9731bd04d409f79e1c4d902bd152d18ebfddd9368bfe6bb23d983a5300f813
- SHA512
  
  354cd780a051281b8308a07f5f8c2572ffd279427b5e6adaa0a9f36505a519ef649aad7ca5e071e856b8d0e56973bb1c9a2c9b55bd77a173d53c563192073ca7
- SSDEEP
  
  3072:NHU1LalgFAVKokPEte0H/Qjd1IgPrSpCkno:NmWlgZok8ZH/Qjd1IgPrACP
Score

3^/10
behavioral6