Overview

overview

10

Static

static

10

msedge.exe

windows7-x64

7

msedge.exe

windows10-2004-x64

9

discord_to...er.pyc

windows7-x64

3

discord_to...er.pyc

windows10-2004-x64

3

get_cookies.pyc

windows7-x64

3

get_cookies.pyc

windows10-2004-x64

3

misc.pyc

windows7-x64

3

misc.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows7-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

source_prepared.pyc

windows7-x64

3

source_prepared.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    msedge.exe

  • Size

    87.2MB

  • Sample

    250127-bx8xssvmaq

  • MD5

    75d92340f16875e2006cb59683108bd1

  • SHA1

    1db3a20e1c530f829a7b36b306e7cc8a38d2f0ca

  • SHA256

    336b29d98ff010182352bd37de82dab6e8aa0b05c0b5b63f3d2c2f1e04749be5

  • SHA512

    0166db662fd1f2b0255e729de77574f917c069f434b91c9d5d82ab0d36cc5b33a65159bd5ac423813180d08942dfd0f69e99fba214366ca61b2043540a641ac6

  • SSDEEP

    1572864:02GKlDWjOsm/OkiqOv8im2AJiE7BbliEoiYgj+h58sMwJVQwOB:0nK5psm/OknOv8i3wVwE65dWw

Score
10/10
pysilondefense_evasiondiscoveryexecutionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      msedge.exe

    • Size

      87.2MB

    • MD5

      75d92340f16875e2006cb59683108bd1

    • SHA1

      1db3a20e1c530f829a7b36b306e7cc8a38d2f0ca

    • SHA256

      336b29d98ff010182352bd37de82dab6e8aa0b05c0b5b63f3d2c2f1e04749be5

    • SHA512

      0166db662fd1f2b0255e729de77574f917c069f434b91c9d5d82ab0d36cc5b33a65159bd5ac423813180d08942dfd0f69e99fba214366ca61b2043540a641ac6

    • SSDEEP

      1572864:02GKlDWjOsm/OkiqOv8im2AJiE7BbliEoiYgj+h58sMwJVQwOB:0nK5psm/OknOv8i3wVwE65dWw

    Score
    9/10
    upxdefense_evasionexecutionpersistence

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      defense_evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      discord_token_grabber.pyc

    • Size

      17KB

    • MD5

      db40ce247b464d3ac0d15080f22ce442

    • SHA1

      eb10f081e16c9566f1b487d39eda3fb8fa4b0de5

    • SHA256

      74475975b9fc2e15a1432b8e4930b6a8a25dd63511bbc2628ae81483dd569046

    • SHA512

      c614c93d3ad758bfe1155864328626b98900e95e06c504641f0286ee40e4e0e24eb4d83b06af576e7799d517aae8404f5c9acdc64315c594319c29e13a77b81e

    • SSDEEP

      384:cGllyAavwW9FaOx817PPQviowoYbCj+MoGWTd0Da8:cIlytvN9oOx8JnQ6owoYOyMImDa8

    Score
    3/10
    behavioral3behavioral4

    • Target

      get_cookies.pyc

    • Size

      10KB

    • MD5

      ddc40a1cee51500039f5c98ef7b1d3c9

    • SHA1

      1e65cf0d7acb74e429844d2ee5b2d39369d17750

    • SHA256

      1201adef44d0ba8be86b7d4aa4e8f69f1f8f800522fa574291974a3b40250436

    • SHA512

      c9a89f5fe6ef87d7d8ce63a59f87fd5684d91e5dccfda644d84a40d5316b85b9930e90f096f13e811f646da724bc267ac853c15e451a6888083d5ab0572f27db

    • SSDEEP

      192:TzOCIeivQfUFPLqwOEVOFc1mNe47+S5zEzzzzz1zz+HoowAE:TzOUi4aFEe4KSPIAE

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      misc.pyc

    • Size

      5KB

    • MD5

      fccbf8762a2d6e382b044d73c9969fbc

    • SHA1

      9530b874a2fb37cef0bdbc13775d64400c6158b4

    • SHA256

      bdadc8d5f54a135e4cad6dd398023cc5a8053619489b38d4b22e104215572f89

    • SHA512

      359b92919a585e4191bceb029e05c9af95816fc023fd5d566d4a5d9fc88b216cace2fe54dacff65decb68d9ad724386467f367a4fadc68b648a44f5b14f84d20

    • SSDEEP

      96:DSajAihmJG4n3B4SmSSSSlSSSShDwegPbbVxlj0oIHEDS5ejmw01k9Bddpq:eYAfn3ySmSSSSlSSSSeeOPVxx0oIHZeQ

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      passwords_grabber.pyc

    • Size

      8KB

    • MD5

      1ca5633be35a5db415bc83be9852bf0e

    • SHA1

      710a4da76579449bb0b45eecedd42aea82ba6b35

    • SHA256

      07a93aa41dbdcd8962b2ad1fcbd7c1bf661130c1cf050a5a4ef6821d30893099

    • SHA512

      9ac14821d21d9c7345b6cf51d9e1c31f908590fadca061ed4f5c50ea7cd28c92b169aa7985873876989e7108946090695a4c782d8251f5061d27cea7c2f35ccb

    • SSDEEP

      192:+CE34EAL/GFf/PoXdLO23NsDmqFUhkxNivLI9dRvL:Y4EAL/AfsFO8NsxuOxNn

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      source_prepared.pyc

    • Size

      186KB

    • MD5

      43436174a1df09e5e84d09abeec00ae1

    • SHA1

      7a433ed4640a0019efe03a8908c90f31c89908ef

    • SHA256

      96f58c90d385dbac09ccedf7329196cf81e0f14e9faaab720500f2920efe33fe

    • SHA512

      2dc165a76acf016d8d37d54eb63ddb162e8941bbde3390c3c45bae2eb2c477cdda88f87fdfe2ab086d6658660d75323c85c630ebb1c561a69aa55be780609c57

    • SSDEEP

      3072:wTYmL7zhaA9MmlRBoCJVqvpuSIVMZJ3RkgOcB4GCC8n0:wT1/zhr9BoCTquSImZJ3RkgOcmXCp

    Score
    3/10
    discovery
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks