pysilon | 7f5f60cae85f7bd49733c371942ad380928fac16c9d3f2e31459319705a1231e | Triage

Submit
Reports

Overview

overview

Static

static

Wave.exe

windows7-x64

7

Wave.exe

windows10-2004-x64

9

Resubmissions

24-01-2025 18:43

250124-xczpaatncp 10

24-01-2025 15:45

250124-s7jjbsxlbm 10

Sharing

General

Target

Wave.exe
Size

83.9MB
Sample

250124-s7jjbsxlbm
MD5

6d5ed7a44e96bc0a50e0e694723bba78
SHA1

bda9c467e6d0ef552253e453aeee08a43c09b1f9
SHA256

7f5f60cae85f7bd49733c371942ad380928fac16c9d3f2e31459319705a1231e
SHA512

ddec21c27ba9a77ab14baa4e88307a8bf79b325eb9b7c63afda0a012fb38099424315939971399ed7349ff3d059b69aa28ed4338df68199498f3fe07349e2fe1
SSDEEP

1572864:qVjlGW4Fm7OkiqOv8im2AqlE7xlhpqfiYweyJulZUdg14Ead72:2InFm7OknOv8i3diLNpuB41Z2

Score

10^/10

pysilon defense_evasion discovery execution persistence pyinstaller spyware stealer upx

Static task

static1

pyinstaller pysilon

4 signatures

Behavioral task

behavioral1

Sample

Wave.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

900 seconds

Behavioral task

behavioral2

Sample

Wave.exe

Resource

win10v2004-20241007-en

defense_evasion discovery execution persistence spyware stealer upx

windows10-2004-x64

25 signatures

900 seconds

Malware Config

Targets

- Target
  
  Wave.exe
- Size
  
  83.9MB
- MD5
  
  6d5ed7a44e96bc0a50e0e694723bba78
- SHA1
  
  bda9c467e6d0ef552253e453aeee08a43c09b1f9
- SHA256
  
  7f5f60cae85f7bd49733c371942ad380928fac16c9d3f2e31459319705a1231e
- SHA512
  
  ddec21c27ba9a77ab14baa4e88307a8bf79b325eb9b7c63afda0a012fb38099424315939971399ed7349ff3d059b69aa28ed4338df68199498f3fe07349e2fe1
- SSDEEP
  
  1572864:qVjlGW4Fm7OkiqOv8im2AqlE7xlhpqfiYweyJulZUdg14Ead72:2InFm7OknOv8i3diLNpuB41Z2
Score

9^/10

upx defense_evasion discovery execution persistence spyware stealer
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  defense_evasion
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

File and Directory Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallerpysilon

behavioral1

behavioral2

defense_evasiondiscoveryexecutionpersistencespywarestealerupx

© 2018-2025

Terms | Privacy