Overview

overview

10

Static

static

10

source_prepared.exe

windows7-x64

7

source_prepared.exe

windows10-2004-x64

9

discord_to...er.pyc

windows7-x64

3

discord_to...er.pyc

windows10-2004-x64

3

get_cookies.pyc

windows7-x64

3

get_cookies.pyc

windows10-2004-x64

3

misc.pyc

windows7-x64

3

misc.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows7-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

source_prepared.pyc

windows7-x64

3

source_prepared.pyc

windows10-2004-x64

3

Resubmissions

31-01-2025 14:23

250131-rqf67sxqhw 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    source_prepared.exe

  • Size

    84.4MB

  • Sample

    250131-rqf67sxqhw

  • MD5

    fda00911ea38642cda92d787e072d737

  • SHA1

    886715865119d72ccd2c84644bc8a6873e448753

  • SHA256

    d256dee9c18ee54f961cc3d5295c5f6553e48979842da301a63be43969e7ccd7

  • SHA512

    c1fe959a022f6149db21666246196db0ab23e91117ea8ea87c1862372d3ab15bbe0fb20bcf871468e355de2539892e303a83e8479059d175630a95d5ab97804b

  • SSDEEP

    1572864:FVjl4WwZXm7OkiqOv8im2A3+TUE7slh+eiYweyJulZUdgKXUxjCHZvkOgs1:3+7ZXm7OknOv8i36+TCLkpumX2okO5

Score
10/10
pysilondefense_evasiondiscoveryexecutionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      source_prepared.exe

    • Size

      84.4MB

    • MD5

      fda00911ea38642cda92d787e072d737

    • SHA1

      886715865119d72ccd2c84644bc8a6873e448753

    • SHA256

      d256dee9c18ee54f961cc3d5295c5f6553e48979842da301a63be43969e7ccd7

    • SHA512

      c1fe959a022f6149db21666246196db0ab23e91117ea8ea87c1862372d3ab15bbe0fb20bcf871468e355de2539892e303a83e8479059d175630a95d5ab97804b

    • SSDEEP

      1572864:FVjl4WwZXm7OkiqOv8im2A3+TUE7slh+eiYweyJulZUdgKXUxjCHZvkOgs1:3+7ZXm7OknOv8i36+TCLkpumX2okO5

    Score
    9/10
    upxdefense_evasionexecutionpersistence

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      defense_evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      discord_token_grabber.pyc

    • Size

      16KB

    • MD5

      725de9fcbbafc763e52c1890229e95d3

    • SHA1

      9f706ed61c350f634c1219a450680d8d943fab94

    • SHA256

      61a871eed93301374ff8242c30e7da5ef568ba1fdd612482a0bba99583ae675f

    • SHA512

      993ec6762f902ccd8753ce64a045717255aa63d7af58f0e38f997e4433ff302581479ef83a2bf0faba768981d2e471b01071de7373894fc506716571ba61e56a

    • SSDEEP

      384:nGC7RYmnXavkxzG7WltcrhntQ5saa2h12VA:nGCuvk8WltcrttQ5saaCsVA

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      get_cookies.pyc

    • Size

      9KB

    • MD5

      c9a26682b507d80f6293b7812712a656

    • SHA1

      08717581287f9ce3ce45620b65bf9af9388bd56d

    • SHA256

      977c728a338029209993bdea34d5476491be08fedcdc4d9810aa477e26118638

    • SHA512

      54eeb20ea0cf309fa5eb31b3f37318e07965217f6f8adc8b1ba2cef8c7559db82792b8470f44e8989efde29b31b13e79d97c6c9a6549e765190336edbc4c02c7

    • SSDEEP

      192:lNal3eiNis9QfUFoxJvm79F211G67+PtAhN:lJiB2lrj7jKlAhN

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      misc.pyc

    • Size

      4KB

    • MD5

      f450829addc19ea4da350682ab197177

    • SHA1

      d945d4aeb21e9aa3b995c05afa4ae9310427b664

    • SHA256

      5d285150443c750bb0b68da4cc87732b81703e9665f719247a0ee62bd9482ca6

    • SHA512

      645a11a031c4872b378201555a1c2a0aaa5537cb83d9a98028f09dbcfac527b691b8ef417b616ad2a7ce3d2920f4081fbd8dd201e83db74dacb01615510d15bb

    • SSDEEP

      96:XSMlhlv6KPDweHPF8+VB7sHIZGhIW0vmyyZ1k93hub:iolvJ0evq+VBXZGh4vmV1kFhub

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      passwords_grabber.pyc

    • Size

      7KB

    • MD5

      7d2e86e5d8afcff3d134f866f33d836c

    • SHA1

      1791cfa048717d69f51c56ecf63f5047b088532d

    • SHA256

      30c7051140e658b94573f4fd7bcdfcef0ac6e54aec22a69220632437f6f465cd

    • SHA512

      555fb2eafcb4a9d5762608396969d635e6d260f50089e1bc949a2c37aa6531526ee8c3e365e10b88b04b5afb966d3d112e5bbcf4414e4ffef305c1fbb61dbc5b

    • SSDEEP

      192:A114qWLfhuUIxzOK2cxDJb+XUhetovxEPz:64qWLfMtzVxDAEW7

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      source_prepared.pyc

    • Size

      168KB

    • MD5

      0c2dc76090640f3ff91f034877834dd9

    • SHA1

      aa9137c15733747f88b114041eb0255195cca5b4

    • SHA256

      5d6b07c66a507b4d30138e72359042fed82b95b7e51c926ac6c1e326b42537ad

    • SHA512

      8c26666149efd4599dec9faae521a64abe2e6d1b759c909ebc9cd8e3fec175d0670d27a177f7d6180ce6864caf46e4db29fd6ed7c7a80426099dedd9e3c60d9c

    • SSDEEP

      3072:NwtRaOO9D4SDzvFoXPZTJ0pZXScT0sMIvdXz7sTWP:NYRaOO9D4S/Fo4pUY0sJsS

    Score
    3/10
    discovery
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks