pysilon | e354d0523e7d2299bfa01b65a974fb7767837e1a8200927e8ed07d9f894d6a9d

General

Target

CobraV2.zip
Size

76.1MB
Sample

241206-k1ww3swjbp
MD5

26290a1c20392c4bf95df024f2402a15
SHA1

f7291b93b8b248d09e485474743a7aa7fb409ec8
SHA256

e354d0523e7d2299bfa01b65a974fb7767837e1a8200927e8ed07d9f894d6a9d
SHA512

54830e80e0d6a34c606f26bd20cc564800539bfc23a16475832d9e6720a906d9e328846839847b72815ab8f9de6a3dc0ea625006d031eb0b17bdecd1614de45c
SSDEEP

1572864:5p7bi9CE4oYwYstUv/OlRBSMuuwAVVkvXoGaeUk9FHSKz5/NLUV3Xr3FcMW5K:5FJE4oYwFuXy8Muudkv4mUk9P/Nu3XpT

Score

10^/10

Malware Config

Targets

- Target
  
  CobraV2.exe
- Size
  
  76.4MB
- MD5
  
  31582a9a3490006629cbde95e4b1b663
- SHA1
  
  3b2bb72b9e551a277cbc3ee985419937fd35a181
- SHA256
  
  d44d1b8375ef8b2e81ae058ae4f94fde54916b746a95dadc97126cfd42511925
- SHA512
  
  3e3cf6ec75d12fac447dd47ac4f43d594f16dedaaa9bffa1086c9504b53cfcc0dd56c45edbc775ea0dadefefc2df1b7f42367f44cfd5179f470a03ca79844649
- SSDEEP
  
  1572864:U8VlgjW4omcSk8IpG7V+VPhqWK8uE7WoDlK8iY4MHHLeqPNLtDSQY4ZnrACD3:UKcbomcSkB05awWK8moDMXMHVLtVY4FR
Score

9^/10

upx evasion execution persistence
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  assets.dll
- Size
  
  1.3MB
- MD5
  
  dc2dc437041527a472e53c802169019f
- SHA1
  
  cfbd1fb03bb25a317dc2734bd63729ba2c5429c4
- SHA256
  
  bbfb0302aba7f57bfa971d63b1c959439afbcf2bc2c64a606b0aa466f11f3cb8
- SHA512
  
  6d254af572d088363988adcd52ecc14af43dd1c91809ff0f2df7d56b84660fd1c6433b9d0eeff92b3ea40093d1ccf18c521afdd0aa25b345b90662e41d413dde
- SSDEEP
  
  192:FndndndndndndndndndndndndndndndndndndndndndndndndndndndndndndndJ:h
Score

1^/10
behavioral3 behavioral4
- Target
  
  injection.dll
- Size
  
  1.8MB
- MD5
  
  06d7e63e252e0378d1a24dbba3e5862a
- SHA1
  
  c1ca32e1d0f035d0b6a8790af30ef7f0a86c1cbf
- SHA256
  
  cd891fe961448d56f35e2dc8d210f7ad8d856f2a6bccda2b39d7aba3ac708fe4
- SHA512
  
  f8b5f7ac4f27c0d8d0954c048463de47446ca0c7dd7a3fa654aba5965d6f72977fa06bbcc9a0ac57618cf110ace659d13f64cf7d4b75a282cc30552fce403a2f
- SSDEEP
  
  192:Fndndndndndndndndndndndndndndndndndndndndndndndndndndndndndndndh:5
Score

1^/10
behavioral5 behavioral6