pysilon | 10bcf998d8b57e71eafc5d946eedf7a359c8a7fead89efc3ffc54d491d7d7728

Sharing

Copy URL

Twitter E-mail

General

Target

Boostrapper.exe
Size

103.0MB
Sample

250107-hfyttsypat
MD5

6f33bedd125bc6ad6e88248129e0fc11
SHA1

b3586fc9d03717307d92527f71ecdf706a96de05
SHA256

10bcf998d8b57e71eafc5d946eedf7a359c8a7fead89efc3ffc54d491d7d7728
SHA512

263b690ae2101724fa63e38fccb801d42fe167866618419a42e47fc5e60d8ee656b58e59bd8299142fea3efac09361baf91ac119fca28f91aeb8207fd0e8679c
SSDEEP

3145728:33nzTCRrS6xjKcBanL2qHO5iVXfnGQbRe0zJcB3Z2:HzOZSWNaBHCid1XcBE

Score

10^/10

Malware Config

Targets

- Target
  
  Boostrapper.exe
- Size
  
  103.0MB
- MD5
  
  6f33bedd125bc6ad6e88248129e0fc11
- SHA1
  
  b3586fc9d03717307d92527f71ecdf706a96de05
- SHA256
  
  10bcf998d8b57e71eafc5d946eedf7a359c8a7fead89efc3ffc54d491d7d7728
- SHA512
  
  263b690ae2101724fa63e38fccb801d42fe167866618419a42e47fc5e60d8ee656b58e59bd8299142fea3efac09361baf91ac119fca28f91aeb8207fd0e8679c
- SSDEEP
  
  3145728:33nzTCRrS6xjKcBanL2qHO5iVXfnGQbRe0zJcB3Z2:HzOZSWNaBHCid1XcBE
Score

9^/10

evasion execution persistence
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  discord_token_grabber.pyc
- Size
  
  15KB
- MD5
  
  aaaeca514d98795f954c1f2eebb18881
- SHA1
  
  6331352aada5256452c43545bb6593958602a20c
- SHA256
  
  a808291bd70bbd15bedd818ef25a1dbcfbf548330fd9ddf5244143ec3eb66cc6
- SHA512
  
  ec9c019d0061103e1e1b3db7feb346136e5e4f447804f9586aacdd7da3c9b877bda1221735b08fc44586cd443b8909664a22bb90ce3a4230402357d35fe80883
- SSDEEP
  
  384:nGC7RYmnXavkLPJrltcshntQ5Maa2holHVg:nGCuvkL9ltcsttQ5MaaCgHVg
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  get_cookies.pyc
- Size
  
  9KB
- MD5
  
  b97f0689742bd69af8900cd3731c5294
- SHA1
  
  28ccff4aa6009fc86d4561e5bc37ea2fb175a689
- SHA256
  
  b080857887222e4c048bba2d7bb3ebc25cc26f31bb26f645fafc01de4e46a03c
- SHA512
  
  9b2c471688fee5cb3d1112ec0d594f5c16371dbb6a1dd30668f64746f2073cea377ca6797928e67bfc933e03c52d819ec676f00a115ef3afa4eeb240daf71883
- SSDEEP
  
  96:nlNatjbBMMKiNW8Zxh9ybA6HUWc4/xIgBZFLjH2K8BXFxUBvF/A7qx3MlMFztwX3:lNahBeiNR9QfUF2x3NC79F21aGaqDAht
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  misc.pyc
- Size
  
  4KB
- MD5
  
  3eb4ff2a9be2d13ecb7343cf82865294
- SHA1
  
  6f9d52b590a15de10dd4589ced7320734371b844
- SHA256
  
  5697249c80354c3adbbb6ae7f2068bd5e0ab44ce08def7b1ef168508fb1fb2c4
- SHA512
  
  776bc0e43593579b7a82bdf0ed77ba89803111b5651cf222c82a7245cd9a297560e3400dc9fcefbed56a91cde4f786f2d745e931102c4ac8750044f2f5072f63
- SSDEEP
  
  96:XSMlhlvSzMPDweHPF8+VB7sHIZGQSWfvmyyZ1k9zBub:iolvSzM0evq+VBXZGQlvmV1k5Bub
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  passwords_grabber.pyc
- Size
  
  7KB
- MD5
  
  e51a6ecd8527b9e758afb60513356e19
- SHA1
  
  89feb7e8f793bef5dc22556196bb9b03387476fe
- SHA256
  
  3c2a8cf8d20d10c27c1c389064abbcce9aab9d6afe5cac26a376ebedf551bece
- SHA512
  
  acc505cea3eff572570b05418931b9be9339c0dd91922ce5ef470810bf861f2395535ccab883f470910bb4e0c9dae309382044568ae0a3aba2b9323ada1f784d
- SSDEEP
  
  192:A114qWLlhuUIxDPK2cMHJb+XUhitovgEuT:64qWLlMFyVMHAE/Y
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  source_prepared.pyc
- Size
  
  172KB
- MD5
  
  612a5a9c85652a86e0bd4f02d2af38c2
- SHA1
  
  be58812b4fad5ac630677a350cd288ab846cda98
- SHA256
  
  e47f45d74910a12f307eb75a8c30d963c3fb1345639dd9fe4a5109cef193a3ee
- SHA512
  
  ad4880ea2562b8781d25c7b573a47807bff6af12b0d98ebd1e49cb51eb6382bb0f64f732b3fc01dfd05371f4af5bdf50a76d8e7fcc15249c86c3f37ee11deaab
- SSDEEP
  
  3072:yRzHTC0aOO64G1hbTFovPZTerUScdQQV+mwiIvdXzpxsTxw:yRHC0aOO64GTFo0j8SmMse
Score

3^/10

discovery
behavioral11 behavioral12