pysilon | 2c1f61393fee041bb815e13e25760a3f7ed06ee5f730faf8b26913a583168ba6 | Triage

Submit
Reports

Overview

overview

Static

static

source_prepared.exe

windows10-ltsc 2021-x64

9

Sharing

General

Target

source_prepared.exe
Size

83.1MB
Sample

250124-nfyrqaxlcl
MD5

af09b1161efb40f91b3eaebfc9d05d4c
SHA1

3adb6460a7769856a4002453c383079da6f34e48
SHA256

2c1f61393fee041bb815e13e25760a3f7ed06ee5f730faf8b26913a583168ba6
SHA512

d5525b090949da2db1b28acc1494d5fe4c1ec38e4f55c2466542ec29d649595de7745f377080347e3ce105c1dd6743af9604c69f4c9a5ce56c8f7513c1c69e09
SSDEEP

1572864:zVjlQWdFm7OkiqOv8im2AqlE7glhCiYweyJulZUdgMzZDd72:p20Fm7OknOv8i3d5LfpuoRZ2

Score

10^/10

pysilon defense_evasion execution persistence pyinstaller upx

Static task

static1

pyinstaller pysilon

4 signatures

Behavioral task

behavioral1

Sample

source_prepared.exe

Resource

win10ltsc2021-20250113-en

defense_evasion execution persistence upx

windows10-ltsc 2021-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  source_prepared.exe
- Size
  
  83.1MB
- MD5
  
  af09b1161efb40f91b3eaebfc9d05d4c
- SHA1
  
  3adb6460a7769856a4002453c383079da6f34e48
- SHA256
  
  2c1f61393fee041bb815e13e25760a3f7ed06ee5f730faf8b26913a583168ba6
- SHA512
  
  d5525b090949da2db1b28acc1494d5fe4c1ec38e4f55c2466542ec29d649595de7745f377080347e3ce105c1dd6743af9604c69f4c9a5ce56c8f7513c1c69e09
- SSDEEP
  
  1572864:zVjlQWdFm7OkiqOv8im2AqlE7glhCiYweyJulZUdgMzZDd72:p20Fm7OknOv8i3d5LfpuoRZ2
Score

9^/10

defense_evasion execution persistence upx
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  defense_evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

File and Directory Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallerpysilon

behavioral1

defense_evasionexecutionpersistenceupx

© 2018-2025

Terms | Privacy