Overview

overview

10

Static

static

10

source_prepared.exe

windows7-x64

7

source_prepared.exe

windows10-2004-x64

discord_to...er.pyc

windows7-x64

3

discord_to...er.pyc

windows10-2004-x64

3

get_cookies.pyc

windows7-x64

3

get_cookies.pyc

windows10-2004-x64

3

misc.pyc

windows7-x64

3

misc.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows7-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

source_prepared.pyc

windows7-x64

3

source_prepared.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    source_prepared.py

  • Size

    58.7MB

  • Sample

    250201-1hm48atkgn

  • MD5

    abe019237a4af81e13fc14cda1e1afdb

  • SHA1

    780291dd5527613e54c3b1ce423888ed2509f99e

  • SHA256

    93a2dc4b636b3b18a6399ab44aabf4351657f0ab6543fd9dd659d34c7f9d9469

  • SHA512

    f03759e6903d9202542c3a0ff09abb7b7c7806ca7ec88b3e1f7bf3c8ad749214db57af1c2ab5b70749fac7aa79a712b11bed66ddd9b1a8e96aa7a4c105109e35

  • SSDEEP

    1572864:xVjl/WdXm7OkiqOv8im2ARxE7glhNzfK:jJ0Xm7OknOv8i3K1L1

Score
10/10
pysilondefense_evasiondiscoveryexecutionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      source_prepared.py

    • Size

      58.7MB

    • MD5

      abe019237a4af81e13fc14cda1e1afdb

    • SHA1

      780291dd5527613e54c3b1ce423888ed2509f99e

    • SHA256

      93a2dc4b636b3b18a6399ab44aabf4351657f0ab6543fd9dd659d34c7f9d9469

    • SHA512

      f03759e6903d9202542c3a0ff09abb7b7c7806ca7ec88b3e1f7bf3c8ad749214db57af1c2ab5b70749fac7aa79a712b11bed66ddd9b1a8e96aa7a4c105109e35

    • SSDEEP

      1572864:xVjl/WdXm7OkiqOv8im2ARxE7glhNzfK:jJ0Xm7OknOv8i3K1L1

    Score
    9/10
    upxdefense_evasionexecutionpersistence

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      defense_evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      discord_token_grabber.pyc

    • Size

      15KB

    • MD5

      aaaeca514d98795f954c1f2eebb18881

    • SHA1

      6331352aada5256452c43545bb6593958602a20c

    • SHA256

      a808291bd70bbd15bedd818ef25a1dbcfbf548330fd9ddf5244143ec3eb66cc6

    • SHA512

      ec9c019d0061103e1e1b3db7feb346136e5e4f447804f9586aacdd7da3c9b877bda1221735b08fc44586cd443b8909664a22bb90ce3a4230402357d35fe80883

    • SSDEEP

      384:nGC7RYmnXavkLPJrltcshntQ5Maa2holHVg:nGCuvkL9ltcsttQ5MaaCgHVg

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      get_cookies.pyc

    • Size

      9KB

    • MD5

      b97f0689742bd69af8900cd3731c5294

    • SHA1

      28ccff4aa6009fc86d4561e5bc37ea2fb175a689

    • SHA256

      b080857887222e4c048bba2d7bb3ebc25cc26f31bb26f645fafc01de4e46a03c

    • SHA512

      9b2c471688fee5cb3d1112ec0d594f5c16371dbb6a1dd30668f64746f2073cea377ca6797928e67bfc933e03c52d819ec676f00a115ef3afa4eeb240daf71883

    • SSDEEP

      96:nlNatjbBMMKiNW8Zxh9ybA6HUWc4/xIgBZFLjH2K8BXFxUBvF/A7qx3MlMFztwX3:lNahBeiNR9QfUF2x3NC79F21aGaqDAht

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      misc.pyc

    • Size

      4KB

    • MD5

      3eb4ff2a9be2d13ecb7343cf82865294

    • SHA1

      6f9d52b590a15de10dd4589ced7320734371b844

    • SHA256

      5697249c80354c3adbbb6ae7f2068bd5e0ab44ce08def7b1ef168508fb1fb2c4

    • SHA512

      776bc0e43593579b7a82bdf0ed77ba89803111b5651cf222c82a7245cd9a297560e3400dc9fcefbed56a91cde4f786f2d745e931102c4ac8750044f2f5072f63

    • SSDEEP

      96:XSMlhlvSzMPDweHPF8+VB7sHIZGQSWfvmyyZ1k9zBub:iolvSzM0evq+VBXZGQlvmV1k5Bub

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      passwords_grabber.pyc

    • Size

      7KB

    • MD5

      e51a6ecd8527b9e758afb60513356e19

    • SHA1

      89feb7e8f793bef5dc22556196bb9b03387476fe

    • SHA256

      3c2a8cf8d20d10c27c1c389064abbcce9aab9d6afe5cac26a376ebedf551bece

    • SHA512

      acc505cea3eff572570b05418931b9be9339c0dd91922ce5ef470810bf861f2395535ccab883f470910bb4e0c9dae309382044568ae0a3aba2b9323ada1f784d

    • SSDEEP

      192:A114qWLlhuUIxDPK2cMHJb+XUhitovgEuT:64qWLlMFyVMHAE/Y

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      source_prepared.pyc

    • Size

      165KB

    • MD5

      377dace5a7c5ea6eab8f7d8df7c29640

    • SHA1

      06ddfd92a62cc10628f3252eac8d3fc4f4ef5e94

    • SHA256

      5cb7938af998d4363d869e23df442f2da3d75de673cc4a3f06e3eaef26eb0fef

    • SHA512

      e824592195fffec404ff5c31464a5aee1c0e2914f72ba7b4d18b01b221ea4e3758daa4a54f8a8d142c7f3bbb4d40a9bad2a2a0f4aa89214cae12055e3dece1e1

    • SSDEEP

      3072:PO74aOO2zbSkKSko1PZTerfSc6AxdIvdXzBpsTO3:PC4aOO2zbSsko+aPAxQs+

    Score
    3/10
    discovery
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks