pysilon | 822b6bd963cba3c0762d3ddfa83b070c33d9b90eedba798fa5d5436aae491a19

General

Target

Solara 1.25.exe
Size

71.8MB
Sample

241130-ywkj5sxqdp
MD5

6b32177d5218d0f5158eb91bfcc54c15
SHA1

19d0b30aa6fe9a5bbc9b583bbd48b70861420b4a
SHA256

822b6bd963cba3c0762d3ddfa83b070c33d9b90eedba798fa5d5436aae491a19
SHA512

39db07ff94dcc915f221f558f69590d32f0fae09bcd2b6d9c2ad01d2af83ef5dca5adbcb3a5d3837aad586232bec400ea8733bfd10c1fb7207017c67e81b171d
SSDEEP

1572864:v9JxSm1WIacirAH8+1osuTCSxOB6xMLiIpB2qHWB75ilQhmqZ8Qry4hlDVgc:fzZRS6xjKcBa6/2qHO5iopyQry4bB

Score

10^/10

Malware Config

Targets

- Target
  
  discord_token_grabber.pyc
- Size
  
  17KB
- MD5
  
  e523026b612006e580e96bd9e2a8882c
- SHA1
  
  03b9938701f7eff11a0c3632ed805e8188598c88
- SHA256
  
  8ae6baddc552f9a47c488760a3d3b04f217f7c999dbffc1a548bb09532e6bf77
- SHA512
  
  a0f15f5edecbab4894aa3b85092fc2bde34b76f6048b198ce387d59a56d6c74969201cc43d19cd27a9ff0a6ab72268884a90ef206f0be34a5707a7f6ea24a853
- SSDEEP
  
  384:cGllyAavwS9F0RW807PPQviowoYbCj+Mo8WWIc02a8:cIlytvX9iRW8inQ6owoYOyM0d2a8
Score

7^/10

phishing
- A potential corporate email address has been identified in the URL: currency-file@1
  phishing
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  get_cookies.pyc
- Size
  
  10KB
- MD5
  
  b38f506528b3d6d5dbd851426c347b95
- SHA1
  
  e91bf4ef42128267934e21be0176e552480f5977
- SHA256
  
  85a7c34afad2c270ca690a5b4c30cc8bf16967e623fc77f4de4497901030a93b
- SHA512
  
  ab110dc92eba564fd0ec6c6a75e779f588518dc1aa461f072ab02b96bc11fbe25e09faa6a556dc6a127c3e8826382697b72037a0cefbdaf32fd70a723e746295
- SSDEEP
  
  192:TzOCIeinQfUF9LdwOEVOFc1mNe47+o+zEzzzzz1zz+HoowAE:TzOUiQccEe4KoOIAE
Score

3^/10
behavioral2
- Target
  
  misc.pyc
- Size
  
  5KB
- MD5
  
  31aa260c6cdeaa9d942cd0dcfcadd16a
- SHA1
  
  a6818f3acf5c2ab9d65b41a81cb92b36b85cc932
- SHA256
  
  b522284f1a7e518c269c0414160407ec7834a4397f85ef389433b49367b5df9c
- SHA512
  
  0dd277ef948315a3554bd8c5110e27afa9b2eac88defc1211771c050cdd27b3668484dec35ec5c5010bff00b62c2cebd9e7286c0b114ad28437719b42bd0fc2c
- SSDEEP
  
  96:DSajAihmJG4n3B4SmSSSSlSSSShDwegPbbVxlj0nIAEDS5ejmw01k9Bddpq:eYAfn3ySmSSSSlSSSSeeOPVxx0nIAZeQ
Score

3^/10
behavioral3
- Target
  
  passwords_grabber.pyc
- Size
  
  8KB
- MD5
  
  704dced7f7530b19a34a5f7a71c26b10
- SHA1
  
  608d9647488cfa2b5f84a891028168a973bfcfa9
- SHA256
  
  1fd284f1e27263bd2a16050c6989933a382c7d196f4c9f247187cc3b3f6ba3ac
- SHA512
  
  e4a6710abef2c45d631745c91d8135873be06e5b240a61362e341d05ecc1dedf885487a554b648c328a3c5cc17fcf74e6d066b2e3f51379358ba28c2a0f2f39f
- SSDEEP
  
  192:+CE34EAL/GFf/PomdPO23NsDmqFUhkxNivLI9dRvL:Y4EAL/AfRBO8NsxuOxNn
Score

3^/10
behavioral4
- Target
  
  source_prepared.pyc
- Size
  
  124KB
- MD5
  
  2d25124cc195856d4add94130d3bedcf
- SHA1
  
  9e6f349cd60ebde2c59e55f3336ee9cbe6937de2
- SHA256
  
  1ddc1de14c263adab6bbe3500cb18fbfad49998acc9e9cb78e43edb277b72829
- SHA512
  
  15554c1db093bd4d41bf15487708b0ce6600c302d86f5688456d67f6aa84ec59129aed72b78009a392ab4ac7a2ed9da0c826c2272d633624608c99ce12b95e3f
- SSDEEP
  
  1536:0vL1wLa5rGRJAyIfXm2KdB4ahikbdp5ysPgdJg0V6VPIRDlK+kCCkrfj:U6La5rKAyAmrki0scJg0/yCCkr7
Score

3^/10
behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

A potential corporate email address has been identified in the URL: currency-file@1

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5