pysilon | 3816c836b3af21fcc7f05a71ad13b17aaa110be1ecee68aa18c22bf9729bca48 | Triage

Sharing

General

Target

Phxnt0m-malware-main.rar
Size

80.5MB
Sample

241207-b73hrsvnfr
MD5

aa1230d889daca352561f898d83aa329
SHA1

35bc6b912cfcdef424aa2835d9421f0ba5d6d302
SHA256

3816c836b3af21fcc7f05a71ad13b17aaa110be1ecee68aa18c22bf9729bca48
SHA512

ecd08913e085f0332dd3a8b084384874d50940f6aada756ac6b72c65dffaccc65cb702f7887bca2874d97680bf611322599455e635c3795b57b081ee2fe36946
SSDEEP

1572864:OVIyO5+l3RqxPbpxqz/uyyQFUBLVLIhzLowtp/sADMhNUw2A5e9:fd5+lhqh/07LowPDWle9

Score

10^/10

pysilon discovery linux pyinstaller upx

Malware Config

Targets

- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/Phxnt0m-linux.sh
- Size
  
  5KB
- MD5
  
  371121f4ce94ddaddc31bc515acc3711
- SHA1
  
  5f0f63683a1c7c2163410213c0f5b4b10aba5cb3
- SHA256
  
  c0eca671a36668a9f53b221ba1c96f28d879d0c36931d3d01df75f6b40f753ff
- SHA512
  
  809b242431ab3235c5c2f787ddfdf7e7bbec140f6bcb14bd2ab168c74a06e7d3137767f1410dc670f794fd058063fe002dd6f297165d5c10883ff9503b10cc93
- SSDEEP
  
  96:dRnU5upT22O4adoJKHKL0kKEcipK9pmDEKvaoGBlooYsvz5m/iRfA:dDTs4UoN0ODRaoGBlooYIz5m/itA
Score

1^/10
behavioral1 behavioral2 behavioral3 behavioral4
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/Phxnt0m.bat
- Size
  
  1KB
- MD5
  
  e98a74889cdd6ab7fa93408baaea820c
- SHA1
  
  61f61cbd04ee18fe62baa0120a786b90f967c4ee
- SHA256
  
  8471cf270c69ff4732b3f46198e1bdf45749f65e776668748d1d6b5d6bce7366
- SHA512
  
  12a75cf9e332c7bb311a65c363d19774142973b23a682ceb36615be2fe4644fcc7605ba0ce80fc0e12f944ebcac1221fd3fb6402b41f2d2d698ffa620e94be1c
Score

1^/10
behavioral5 behavioral6
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/builder.py
- Size
  
  30KB
- MD5
  
  83842bb08cd7cd8f058dc5f6b498b08d
- SHA1
  
  c51b61a539edbb04a52f726891bf0ab8ddb8e87e
- SHA256
  
  40b61be6c4a3b1db0ff9e15c5f2b4fc4b3d73f2cb1ff8d72fa3911675d77a70c
- SHA512
  
  109b3b37040a2dc167d2955fb8128302c84e127ad3fcfb755f4a153b4d84a3fb491cbdb76389d1a02743f7062ee4b07229a379ffefd04d1447dd0a4f241695a2
- SSDEEP
  
  768:d2PufIVSZvFWL6sQhHqxFgYP0kqhvqeju:d22QEZvMLdSHqxFgYP0kqhvqei
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/compiler.py
- Size
  
  4KB
- MD5
  
  1f88d64859332188cde37d171a89f68c
- SHA1
  
  0d90f3fd264cdaf0e79b08b9e23e768556538382
- SHA256
  
  c150810979028bc9125f1a4044f727c064d24cad65fb1e57a9e06b0569cef203
- SHA512
  
  b885df0e8e9eae7a6252e56448c9900c799ebdcf71e3498ea7a19229c3be4083c76a02716913b77cad9806f8edf2c9ba6e6b542aa088f4855691b038a7086d6d
- SSDEEP
  
  96:ODwmTAYUtPvMjoDpz0I9dwsKgwS8n151QqYrAFUetud18ZCrGOc+L6v:O6YUtPvMMDIul+tQT0qe0w+L6v
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/__pycache__/discord_token_grabber.cpython-311.pyc
- Size
  
  17KB
- MD5
  
  6f3eceb15c82bec23053daf172029efa
- SHA1
  
  85c9d84e4fbd99d19ade72a41055489a3dc1c038
- SHA256
  
  b692ef85a75468a8a22b6972028b2e59ada33f69c7c91c68fa176793e31ac7ed
- SHA512
  
  e6178706eaa78fff9ec9e077b79ba5c8cc1ce78ec3dd79fe5525e5d0b266e6155993ef1f544cb5fcee8fdd3336d2de8b696059d2ea400b45736ebcc32ed81f03
- SSDEEP
  
  384:bGOlyAavwR9F0Rn8wyTPQviowoYbJNcWWIc05S:bvlytv49iRn8JQ6owoY1NDd5S
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/__pycache__/protections.cpython-311.pyc
- Size
  
  1KB
- MD5
  
  7c27b5bd86b7bc8bb9994f8a6a544882
- SHA1
  
  865efcafcdb3c747a1b03908656f94ccb3767759
- SHA256
  
  481b96d5f13eb905b0f8ca9c958bfc20058d2951c84c48977b10db9a80c0aa6c
- SHA512
  
  3023c662148a70ec5588bbfbf6361d186f70f64f202b3c81963ca6f82073742fe196651f85c9d1f9d5e92e8f537a0e0f0f44aca3a17b646499a4d4ffd78bb72d
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/discord_token_grabber.py
- Size
  
  12KB
- MD5
  
  32c812c4d73d3e3e2fb9ae35e6262dbe
- SHA1
  
  37525639cc07d60bf39ae7c50be248b7ae7832e3
- SHA256
  
  09b16591c62127f39c138f3d36537d5577042ee9349bd9bca075a0c5bb13c823
- SHA512
  
  a1f8f0e08bcfd36b6fce4c3d7e9322692e57034f918de3ff42bbc6d30fe6a59e01c52c4276235a23000e3b1f230b44224ebfc34ef466d6c410081c28bea8a139
- SSDEEP
  
  384:xP2g/IOwWb1IdsvxtMwv3tMwvQk6fi3sY5Gl4:1IHaZt7vt7YVfi3s7l4
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/get_cookies.py
- Size
  
  5KB
- MD5
  
  9fbfdf3363bef58201cb58f8c47a5c90
- SHA1
  
  c932298a07c455b468bcae7b3fa4868aef5fda02
- SHA256
  
  50659c02385bd90d268e5c9cb39710d99dd84dc9637b1cf1eeb0413fb624f763
- SHA512
  
  98d62d0403377dc0a40a9d400bea0d394e972659be0d12360cc398681fc8f1ee3de7aefa7ab68c2fa17081e7261466e233d9760012f1c27b8f309ead964743ca
- SSDEEP
  
  96:kXFbaDLJC/3LPAsTyjHJ2uCE/Mz5ClOla+lfe:kVbsVMEakDCE/MFCsc4m
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/libopus-0.x64.dll
- Size
  
  431KB
- MD5
  
  0e078e75ab375a38f99245b3fefa384a
- SHA1
  
  b4c2fda3d4d72c3e3294beb8aa164887637ca22a
- SHA256
  
  c84da836e8d92421ac305842cfe5a724898ed09d340d46b129e210bdc9448131
- SHA512
  
  fa838dab0a8a07ee7c370dd617073a5f795838c3518a6f79ee17d5ebc48b78cebd680e9c8cbe54f912ceb0ae6112147fb40182bcfdcc194b73aa6bab21427bfd
- SSDEEP
  
  6144:QzvQP4JEH+xiPuym+Sl1AhOtw6qIUZtvJd3dbK2lbO2miHWQAD03N3hg9/To88jC:Q6Ho+8p0IU3BW2s2miwmOLozjJ
Score

1^/10
behavioral19 behavioral20
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/misc.py
- Size
  
  2KB
- MD5
  
  d6a7a397e1626ba1e7346f890f31866c
- SHA1
  
  a8d2e69bb24c287232a22055e0333c6da746853f
- SHA256
  
  98c3c9e981f91b6eb10db0217a16da8c7ba0891e6ad392061d1332fe4af96742
- SHA512
  
  dfd6f95aee07e1845e0a475b8473f92d73d03927e3835facb3c9ebebacbd4d34725dd26d63419d0b6e06a999d71c22c99e2697db585e19f397d15ba747425b6e
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/passwords_grabber.py
- Size
  
  4KB
- MD5
  
  d501b318f5df2e0c18cef8a64161326b
- SHA1
  
  8d3d44fce5a9df6fa728f6f090e0a6c239c90736
- SHA256
  
  6bae31f78fa66e73da3a5d7e7e489c4c79d36da8811fa94d5bbf052eb3d28f86
- SHA512
  
  683f2d34a12712a65a293d7b7ede3028a52ed0f5aebb6a9c18cbeafcfe769c20b07e7db2af31edb60f4ac870c2aa16a16a625270242ca6b9dbb30f740b1f6340
- SSDEEP
  
  96:D9b569f3ItMS2tdNWkOHKy0BZfnMJ6dHZdgoLHZtU5jNEYDmbVjp5t:Dl569f3wM5N/OdcZvMJ6dH/bZtUjFDGV
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/protections.py
- Size
  
  1KB
- MD5
  
  f5f7860862ff9026ae5ef626ccbf7c59
- SHA1
  
  f0b9827394cc388ed07b9cbdb44b8aafc3b44820
- SHA256
  
  8370294651cf9164b5183033e0adaeb3fea820359f9652f06713c135cf549b59
- SHA512
  
  24553294f40b295af656ccd39efedd905d6fe9d68fb78e0b4311f22907dd1b6faf2f9f37bd41b0a163a9e85d5c6a88dbb7c54226822199c9f85efaeac68fb0e1
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/audio_control.py
- Size
  
  3KB
- MD5
  
  b6c9921f89e0a1303540bd69b720b70b
- SHA1
  
  0f56471b662eed145ccff20f52671971131d06f0
- SHA256
  
  8e0215b86d28004669b753cfb74cfff423cecbfcf096cceb505c14fee8218846
- SHA512
  
  463e21d25bc0d7beb700c2147a4ba610fec9755d3b1932e572a6c61e33bc47653bdbc6c4619bd6313c712f2c1b1a9776f21661a437fd58df4c0d4616aa98675b
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/block_input.py
- Size
  
  2KB
- MD5
  
  5f2bdcfdb6d04d162edbd0be7322ad95
- SHA1
  
  7284ac9b666a14210a4c9257c0fea1e9e2feaf27
- SHA256
  
  509b26dcd0ad875488bcbebb4d0a9bb8e54d1d05f3cd8b068022b85ab4a1728e
- SHA512
  
  2d08d4bfc2baa40b9c1a4d9d429f3330965ed4ecc4a6819f9601e898767adb45b9c03cce1c10cb6f1656b5fd6dc4bb37f4a989db5a44ec2f1d4916cc220c0311
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  Phxnt0m-malware-main/Phxnt0mware RAT - main/resources/source_code/bsod.py
- Size
  
  766B
- MD5
  
  de3387113c8294dca0fe4073ee3a5034
- SHA1
  
  f5451d1cb8a0741427bd1962101661f8b6fcd218
- SHA256
  
  86e238d4f2dfadf749771d4ce074e7ee5b230b7a5a25da7079e513e9f3e13672
- SHA512
  
  e9f84b5a9f63fb3418e98b6e4eefadcc9171188ec0558a4dad89baa32753295b72f29397296af54b25d7c642a960126c8e89f78c88ebc13b2200ff63605ba539
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

upxpyinstallerpysilon

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32