pysilon | 1493e235477b9514f54ff420d0ab5d096e94dfcc885fcb5ac227ea3bc014acad | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

Solarasis.exe

windows11-21h2-x64

9

Sharing

General

Target

Solarasis.exe
Size

50.5MB
Sample

241129-24mk9a1mas
MD5

f65e2a4ca6f6da06ad6b5ab017e8f606
SHA1

8953d0ceef9e1bc6c54dfe5f0cac47879bdb2d1b
SHA256

1493e235477b9514f54ff420d0ab5d096e94dfcc885fcb5ac227ea3bc014acad
SHA512

0e99ac29ce6238d85d0ea69eeba2dba8e2577aac37c98cde7fc9c0d5a8b8aa278f150184f5657f6c8ffda758dcf0b24425d2ff28c051bb00cba33d88c87c8b9c
SSDEEP

1572864:vGGefWTsmTSk8IpG7V+VPhqb+VxTivfSlRISereyaAPeEV:uGaCsmTSkB05awb+Vxen+RXerXVPeEV

Score

10^/10

pysilon evasion execution persistence pyinstaller upx

Static task

static1

pyinstaller pysilon

4 signatures

Behavioral task

behavioral1

Sample

Solarasis.exe

Resource

win11-20241007-en

evasion execution persistence upx

windows11-21h2-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  Solarasis.exe
- Size
  
  50.5MB
- MD5
  
  f65e2a4ca6f6da06ad6b5ab017e8f606
- SHA1
  
  8953d0ceef9e1bc6c54dfe5f0cac47879bdb2d1b
- SHA256
  
  1493e235477b9514f54ff420d0ab5d096e94dfcc885fcb5ac227ea3bc014acad
- SHA512
  
  0e99ac29ce6238d85d0ea69eeba2dba8e2577aac37c98cde7fc9c0d5a8b8aa278f150184f5657f6c8ffda758dcf0b24425d2ff28c051bb00cba33d88c87c8b9c
- SSDEEP
  
  1572864:vGGefWTsmTSk8IpG7V+VPhqb+VxTivfSlRISereyaAPeEV:uGaCsmTSkB05awb+Vxen+RXerXVPeEV
Score

9^/10

evasion execution persistence upx
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

File and Directory Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

pyinstallerpysilon

behavioral1

evasionexecutionpersistenceupx

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.