pysilon | edc2d51c0c4fc3066017def71df3182e86e4a9479c79fc13d46a359393223e1b

Sharing

Copy URL

Twitter E-mail

General

Target

source_prepared.exe
Size

78.0MB
Sample

241216-r6ptaasrbw
MD5

4ec07694dc438cb29272f76119d527d6
SHA1

6ed1030ef56117fcf5ffe56fc94be008af9d02b6
SHA256

edc2d51c0c4fc3066017def71df3182e86e4a9479c79fc13d46a359393223e1b
SHA512

7ece3e537ed1909b1626e653fea1587287bab2453425f7696b0f31dd0a38fbd9b9cfefb07e87035e59f8c0965216313bde3b213297f9814afeb025e8539f081a
SSDEEP

1572864:j1l92W29mUSk8IpG7V+VPhqb+TUE7Tlhe7fEYiYweyJulZUdgRI6X2dfxmDtaJS:j1KVmUSkB05awb+TVLPhpulvXvtao

Score

10^/10

Malware Config

Targets

- Target
  
  source_prepared.exe
- Size
  
  78.0MB
- MD5
  
  4ec07694dc438cb29272f76119d527d6
- SHA1
  
  6ed1030ef56117fcf5ffe56fc94be008af9d02b6
- SHA256
  
  edc2d51c0c4fc3066017def71df3182e86e4a9479c79fc13d46a359393223e1b
- SHA512
  
  7ece3e537ed1909b1626e653fea1587287bab2453425f7696b0f31dd0a38fbd9b9cfefb07e87035e59f8c0965216313bde3b213297f9814afeb025e8539f081a
- SSDEEP
  
  1572864:j1l92W29mUSk8IpG7V+VPhqb+TUE7Tlhe7fEYiYweyJulZUdgRI6X2dfxmDtaJS:j1KVmUSkB05awb+TVLPhpulvXvtao
Score

9^/10

evasion execution persistence upx discovery privilege_escalation
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  discord_token_grabber.pyc
- Size
  
  16KB
- MD5
  
  725de9fcbbafc763e52c1890229e95d3
- SHA1
  
  9f706ed61c350f634c1219a450680d8d943fab94
- SHA256
  
  61a871eed93301374ff8242c30e7da5ef568ba1fdd612482a0bba99583ae675f
- SHA512
  
  993ec6762f902ccd8753ce64a045717255aa63d7af58f0e38f997e4433ff302581479ef83a2bf0faba768981d2e471b01071de7373894fc506716571ba61e56a
- SSDEEP
  
  384:nGC7RYmnXavkxzG7WltcrhntQ5saa2h12VA:nGCuvk8WltcrttQ5saaCsVA
Score

3^/10
behavioral3 behavioral4
- Target
  
  get_cookies.pyc
- Size
  
  9KB
- MD5
  
  c9a26682b507d80f6293b7812712a656
- SHA1
  
  08717581287f9ce3ce45620b65bf9af9388bd56d
- SHA256
  
  977c728a338029209993bdea34d5476491be08fedcdc4d9810aa477e26118638
- SHA512
  
  54eeb20ea0cf309fa5eb31b3f37318e07965217f6f8adc8b1ba2cef8c7559db82792b8470f44e8989efde29b31b13e79d97c6c9a6549e765190336edbc4c02c7
- SSDEEP
  
  192:lNal3eiNis9QfUFoxJvm79F211G67+PtAhN:lJiB2lrj7jKlAhN
Score

3^/10
behavioral5 behavioral6
- Target
  
  misc.pyc
- Size
  
  4KB
- MD5
  
  f450829addc19ea4da350682ab197177
- SHA1
  
  d945d4aeb21e9aa3b995c05afa4ae9310427b664
- SHA256
  
  5d285150443c750bb0b68da4cc87732b81703e9665f719247a0ee62bd9482ca6
- SHA512
  
  645a11a031c4872b378201555a1c2a0aaa5537cb83d9a98028f09dbcfac527b691b8ef417b616ad2a7ce3d2920f4081fbd8dd201e83db74dacb01615510d15bb
- SSDEEP
  
  96:XSMlhlv6KPDweHPF8+VB7sHIZGhIW0vmyyZ1k93hub:iolvJ0evq+VBXZGh4vmV1kFhub
Score

3^/10
behavioral7 behavioral8
- Target
  
  passwords_grabber.pyc
- Size
  
  7KB
- MD5
  
  7d2e86e5d8afcff3d134f866f33d836c
- SHA1
  
  1791cfa048717d69f51c56ecf63f5047b088532d
- SHA256
  
  30c7051140e658b94573f4fd7bcdfcef0ac6e54aec22a69220632437f6f465cd
- SHA512
  
  555fb2eafcb4a9d5762608396969d635e6d260f50089e1bc949a2c37aa6531526ee8c3e365e10b88b04b5afb966d3d112e5bbcf4414e4ffef305c1fbb61dbc5b
- SSDEEP
  
  192:A114qWLfhuUIxzOK2cxDJb+XUhetovxEPz:64qWLfMtzVxDAEW7
Score

3^/10
behavioral10 behavioral9
- Target
  
  source_prepared.pyc
- Size
  
  168KB
- MD5
  
  9d891a96c17dd441af8b0947c9c71a8f
- SHA1
  
  f2fa0540f6e2593c607b13f6cac23dd7d66917b6
- SHA256
  
  00ab86f1ebf1ccb63da3286a14a23d0d4f9855856d9caffb89e6b8072cd90dbb
- SHA512
  
  4c10f84ba8d95ea6d460336bd81842dddbbb1cbdcf6d3491cb9c7a25aa1a94178d2c2a4883012ab1e8ae8b52f3227433cd601cc69f91cf87d3352f77633aff48
- SSDEEP
  
  3072:Ae0H1NaOO/5ESl1RdotPZTJ0pZXScT0o+IvdXzPsTWP:eNaOO/5ESFdoCpUY0oTsS
Score

3^/10
behavioral11 behavioral12