pysilon | bdaeb579a58bcd99b70987a9ae1175736d49e6becb2c2bb59a15c0741ff95d67

General

Target

Sleezy Temp quacked.rar
Size

86.9MB
Sample

250126-xm7gwazmbs
MD5

c2d50b373bcee770333642d84c717dc0
SHA1

4e0436b7a96d20cd0ffc8f1ba370f4041138f48c
SHA256

bdaeb579a58bcd99b70987a9ae1175736d49e6becb2c2bb59a15c0741ff95d67
SHA512

335cca8af355e3ec78c2e6227484dffad13fd3f659ce1eb76d99d12248882a55f8c1d6a91b6a7daf66853338b50ea525f05ed5477ef40a50ed1ae507a258efd3
SSDEEP

1572864:2D68+DBuV0ED0qUBnXuPPCctDIPWhgwSi+DPBn/lu+LvAI8iUsorbxAAAQPg:c68+DBuVR4qUBnXcFIP6Si+jBn/l7LvX

Score

10^/10

Malware Config

Targets

- Target
  
  Sleezy Temp quacked.rar
- Size
  
  86.9MB
- MD5
  
  c2d50b373bcee770333642d84c717dc0
- SHA1
  
  4e0436b7a96d20cd0ffc8f1ba370f4041138f48c
- SHA256
  
  bdaeb579a58bcd99b70987a9ae1175736d49e6becb2c2bb59a15c0741ff95d67
- SHA512
  
  335cca8af355e3ec78c2e6227484dffad13fd3f659ce1eb76d99d12248882a55f8c1d6a91b6a7daf66853338b50ea525f05ed5477ef40a50ed1ae507a258efd3
- SSDEEP
  
  1572864:2D68+DBuV0ED0qUBnXuPPCctDIPWhgwSi+DPBn/lu+LvAI8iUsorbxAAAQPg:c68+DBuVR4qUBnXcFIP6Si+jBn/l7LvX
Score

7^/10
- Executes dropped EXE
behavioral1
- Target
  
  Sleezy Temp quacked.exe
- Size
  
  654KB
- MD5
  
  96a7654fb6e5289f85b22d1109f607d3
- SHA1
  
  be18a6870defd229ab8f031c6cf7404bcc27bb28
- SHA256
  
  73c95001186d43a8886a61aac7c8b4f6f69a616e0f0b4be108468b992ebdd899
- SHA512
  
  97f211c69ff2e2bc5fd8f37153794b6fd62ef27dfbdeaa48fdae87507ce097c0084c65ebccd0b34e863a8c88a5f486fe74bae08ce32914f68bdf288c674baed8
- SSDEEP
  
  12288:IZtO+AEjL20zpTOq1qnY7I1P7zmEgxRWcydzARx:otO+AEjL20lTv1qnYgP2E/tdzARx
Score

1^/10
behavioral2
- Target
  
  Sleezy Temp quacked/Sleezy Temp quacked.exe
- Size
  
  654KB
- MD5
  
  96a7654fb6e5289f85b22d1109f607d3
- SHA1
  
  be18a6870defd229ab8f031c6cf7404bcc27bb28
- SHA256
  
  73c95001186d43a8886a61aac7c8b4f6f69a616e0f0b4be108468b992ebdd899
- SHA512
  
  97f211c69ff2e2bc5fd8f37153794b6fd62ef27dfbdeaa48fdae87507ce097c0084c65ebccd0b34e863a8c88a5f486fe74bae08ce32914f68bdf288c674baed8
- SSDEEP
  
  12288:IZtO+AEjL20zpTOq1qnY7I1P7zmEgxRWcydzARx:otO+AEjL20lTv1qnYgP2E/tdzARx
Score

1^/10
behavioral3
- Target
  
  Sleezy Temp quacked/dxwebsetup.exe
- Size
  
  288KB
- MD5
  
  2cbd6ad183914a0c554f0739069e77d7
- SHA1
  
  7bf35f2afca666078db35ca95130beb2e3782212
- SHA256
  
  2cf71d098c608c56e07f4655855a886c3102553f648df88458df616b26fd612f
- SHA512
  
  ff1af2d2a883865f2412dddcd68006d1907a719fe833319c833f897c93ee750bac494c0991170dc1cf726b3f0406707daa361d06568cd610eeb4ed1d9c0fbb10
- SSDEEP
  
  6144:kWK8fc2liXmrLxcdRDLiH1vVRGVOhMp421/7YQV:VcvgLARDI1KIOzO0
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral4
- Target
  
  Sleezy Temp quacked/ghostytemp.exe
- Size
  
  87.4MB
- MD5
  
  816782c972c558580fd3b3a218bb4746
- SHA1
  
  b293bf0b34219d41efea1b10138f4ce4d6da7539
- SHA256
  
  151c512ffbf6cd14aa7f72d8d30a9a909dbd513d061f8e5d39bf67600f137f01
- SHA512
  
  220f486f7161ac2c8e2838e64a442492dc3ae023f64542cd13627a3e67abd67c724c05624257671c673d94b6643da9a5de12f6e10024c318956f231fa909fd90
- SSDEEP
  
  1572864:Y2GKlXebWSsm/OkiqOv8im2A3+T9E7CliHiYgj+h58sMw5I6e3k9PcJFJZ:YnKRC3sm/OknOv8i36+TXwZ5FHe3kgJ
Score

9^/10

defense_evasion execution persistence upx
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  defense_evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5