Overview

overview

10

Static

static

10

source_prepared.exe

windows11-21h2-x64

discord_to...er.pyc

windows11-21h2-x64

3

get_cookies.pyc

windows11-21h2-x64

3

misc.pyc

windows11-21h2-x64

3

passwords_grabber.pyc

windows11-21h2-x64

3

source_prepared.pyc

windows11-21h2-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    source_prepared.exe

  • Size

    111.5MB

  • Sample

    250416-tt369axms9

  • MD5

    7c971114447ce7b54e944bf6a51bf0bd

  • SHA1

    6c2958c2c963f2c45dc2a6f63ef2f5860917fb37

  • SHA256

    1540f49abb2422bb482b2840baee1e822a03069ccdbb8ceed367b3b6b2ed463c

  • SHA512

    9d030c204429e6a9f50c244350456a018baac4851068dafcf47dc160f939ad91baaf846ae8aa0620535c34ee8755d857991146f4df497d4d58001e6aa6199a6e

  • SSDEEP

    3145728:n0zSzeibJjz9wHE1s2qHO5iVdWnGQbRe0zJcBc+uhZ2:n0zs1Zw3HCiY1XcBc+V

Score
10/10
pysiloncredential_accessdefense_evasiondiscoveryexecutionpersistencepyinstallerspywarestealer

Malware Config

Targets

    • Target

      source_prepared.exe

    • Size

      111.5MB

    • MD5

      7c971114447ce7b54e944bf6a51bf0bd

    • SHA1

      6c2958c2c963f2c45dc2a6f63ef2f5860917fb37

    • SHA256

      1540f49abb2422bb482b2840baee1e822a03069ccdbb8ceed367b3b6b2ed463c

    • SHA512

      9d030c204429e6a9f50c244350456a018baac4851068dafcf47dc160f939ad91baaf846ae8aa0620535c34ee8755d857991146f4df497d4d58001e6aa6199a6e

    • SSDEEP

      3145728:n0zSzeibJjz9wHE1s2qHO5iVdWnGQbRe0zJcBc+uhZ2:n0zs1Zw3HCiY1XcBc+V

    Score
    9/10
    credential_accessdefense_evasiondiscoveryexecutionpersistencespywarestealer

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      defense_evasion

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

      credential_accessstealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

    • Target

      discord_token_grabber.pyc

    • Size

      15KB

    • MD5

      aaaeca514d98795f954c1f2eebb18881

    • SHA1

      6331352aada5256452c43545bb6593958602a20c

    • SHA256

      a808291bd70bbd15bedd818ef25a1dbcfbf548330fd9ddf5244143ec3eb66cc6

    • SHA512

      ec9c019d0061103e1e1b3db7feb346136e5e4f447804f9586aacdd7da3c9b877bda1221735b08fc44586cd443b8909664a22bb90ce3a4230402357d35fe80883

    • SSDEEP

      384:nGC7RYmnXavkLPJrltcshntQ5Maa2holHVg:nGCuvkL9ltcsttQ5MaaCgHVg

    Score
    3/10
    behavioral2

    • Target

      get_cookies.pyc

    • Size

      9KB

    • MD5

      b97f0689742bd69af8900cd3731c5294

    • SHA1

      28ccff4aa6009fc86d4561e5bc37ea2fb175a689

    • SHA256

      b080857887222e4c048bba2d7bb3ebc25cc26f31bb26f645fafc01de4e46a03c

    • SHA512

      9b2c471688fee5cb3d1112ec0d594f5c16371dbb6a1dd30668f64746f2073cea377ca6797928e67bfc933e03c52d819ec676f00a115ef3afa4eeb240daf71883

    • SSDEEP

      96:nlNatjbBMMKiNW8Zxh9ybA6HUWc4/xIgBZFLjH2K8BXFxUBvF/A7qx3MlMFztwX3:lNahBeiNR9QfUF2x3NC79F21aGaqDAht

    Score
    3/10
    behavioral3

    • Target

      misc.pyc

    • Size

      4KB

    • MD5

      3eb4ff2a9be2d13ecb7343cf82865294

    • SHA1

      6f9d52b590a15de10dd4589ced7320734371b844

    • SHA256

      5697249c80354c3adbbb6ae7f2068bd5e0ab44ce08def7b1ef168508fb1fb2c4

    • SHA512

      776bc0e43593579b7a82bdf0ed77ba89803111b5651cf222c82a7245cd9a297560e3400dc9fcefbed56a91cde4f786f2d745e931102c4ac8750044f2f5072f63

    • SSDEEP

      96:XSMlhlvSzMPDweHPF8+VB7sHIZGQSWfvmyyZ1k9zBub:iolvSzM0evq+VBXZGQlvmV1k5Bub

    Score
    3/10
    behavioral4

    • Target

      passwords_grabber.pyc

    • Size

      7KB

    • MD5

      e51a6ecd8527b9e758afb60513356e19

    • SHA1

      89feb7e8f793bef5dc22556196bb9b03387476fe

    • SHA256

      3c2a8cf8d20d10c27c1c389064abbcce9aab9d6afe5cac26a376ebedf551bece

    • SHA512

      acc505cea3eff572570b05418931b9be9339c0dd91922ce5ef470810bf861f2395535ccab883f470910bb4e0c9dae309382044568ae0a3aba2b9323ada1f784d

    • SSDEEP

      192:A114qWLlhuUIxDPK2cMHJb+XUhitovgEuT:64qWLlMFyVMHAE/Y

    Score
    3/10
    behavioral5

    • Target

      source_prepared.pyc

    • Size

      167KB

    • MD5

      168068684c5bd4211f882feec4adf1b7

    • SHA1

      93f9612dd760179e9525043d87d3340fb548f3ab

    • SHA256

      16dfc20383f12b0ed18d177d67c6e69e605b46040fc7a1c4bf67f0d39cddda8b

    • SHA512

      966a13f5d2d9c252f633e59aa7e966e923ed71dbf36bdaff181817bd5d14f4fa49b3b0f1ea4e283502cc8eec8999650f19f5c25fbc0bea5b3e4e1915923ac86f

    • SSDEEP

      3072:AezH0naOO/wqSlDRkoCPZTerfSc6AaZIvdXzm2sTxf:CnaOO/wqS3koJaPAaQsF

    Score
    3/10
    behavioral6

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Modify Registry

1
T1112

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Credentials from Password Stores

2
T1555

Credentials from Web Browsers

1
T1555.003

Windows Credential Manager

1
T1555.004

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

File and Directory Discovery

1
T1083

Peripheral Device Discovery

1
T1120

Query Registry

3
T1012

System Information Discovery

4
T1082

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks