pysilon | ecac0c4dfa465334bb9984703195d13b5dca81dbfcebf7b6286da78f42678e13 | Triage

Submit
Reports

Overview

overview

Static

static

source_prepared.exe

windows7-x64

7

source_prepared.exe

windows10-2004-x64

8

Sharing

General

Target

source_prepared.exe
Size

82.3MB
Sample

250126-1s14tswrgl
MD5

ae89c50ad94817cf7bc5d3e26f790689
SHA1

1e9c3d7d249a6b3a9042a5108f384d53eee97073
SHA256

ecac0c4dfa465334bb9984703195d13b5dca81dbfcebf7b6286da78f42678e13
SHA512

3792df826dece6ab41f19fae1f0cbae2181deea93ab5f011a5a6c8225f8191f867ab5c6c5bc146ee081e81ed8231ef1d4beb584b6609aa52526d2830701e30ad
SSDEEP

1572864:GbVl1xWQomDOkiqOv8im2AsUE7WSlKiRiY4MHHLeqPNLtDSvZZgDX:GpdnomDOknOv8i3lASMiOMHVLt2voT

Score

10^/10

pysilon defense_evasion execution persistence pyinstaller upx

Static task

static1

pyinstaller pysilon

4 signatures

Behavioral task

behavioral1

Sample

source_prepared.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

source_prepared.exe

Resource

win10v2004-20241007-en

defense_evasion execution persistence upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  source_prepared.exe
- Size
  
  82.3MB
- MD5
  
  ae89c50ad94817cf7bc5d3e26f790689
- SHA1
  
  1e9c3d7d249a6b3a9042a5108f384d53eee97073
- SHA256
  
  ecac0c4dfa465334bb9984703195d13b5dca81dbfcebf7b6286da78f42678e13
- SHA512
  
  3792df826dece6ab41f19fae1f0cbae2181deea93ab5f011a5a6c8225f8191f867ab5c6c5bc146ee081e81ed8231ef1d4beb584b6609aa52526d2830701e30ad
- SSDEEP
  
  1572864:GbVl1xWQomDOkiqOv8im2AsUE7WSlKiRiY4MHHLeqPNLtDSvZZgDX:GpdnomDOknOv8i3lASMiOMHVLt2voT
Score

8^/10

upx defense_evasion execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  defense_evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallerpysilon

behavioral1

behavioral2

defense_evasionexecutionpersistenceupx

© 2018-2025

Terms | Privacy