pysilon | cf8b0038277f80f6ccae1d3b253b2eaef42d592cf986536bd43ad4022bbabba6 | Triage

Submit
Reports

Overview

overview

Static

static

source_prepared.exe

windows11-21h2-x64

8

Sharing

General

Target

source_prepared.exe
Size

80.6MB
Sample

240630-sq76cstbjj
MD5

5c92a72875b245378a6f4f8a9af7e2a1
SHA1

a9a0cae4a0bcc9817d771b1c926ffb3175ec30db
SHA256

cf8b0038277f80f6ccae1d3b253b2eaef42d592cf986536bd43ad4022bbabba6
SHA512

7a4f4fa9e07bf7568d6f5ffd327950e1d027832a3d913228e9f56bf9c4732c84be8230d50bc2c365bcea7af4730807ed40808a1ed84959c366e412ebafb9a684
SSDEEP

1572864:OvNBYQglX2XaSk8IpG7V+VPhqb+TnE7Ulg8iYgj+h58sMw5IlWj95qgcJX0:OvNBYxRtSkB05awb+Tfe25FSK95K0

Score

10^/10

pysilon evasion execution persistence pyinstaller upx

Static task

static1

pyinstaller pysilon

4 signatures

Behavioral task

behavioral1

Sample

source_prepared.exe

Resource

win11-20240419-en

evasion execution persistence upx

windows11-21h2-x64

17 signatures

300 seconds

Malware Config

Targets

- Target
  
  source_prepared.exe
- Size
  
  80.6MB
- MD5
  
  5c92a72875b245378a6f4f8a9af7e2a1
- SHA1
  
  a9a0cae4a0bcc9817d771b1c926ffb3175ec30db
- SHA256
  
  cf8b0038277f80f6ccae1d3b253b2eaef42d592cf986536bd43ad4022bbabba6
- SHA512
  
  7a4f4fa9e07bf7568d6f5ffd327950e1d027832a3d913228e9f56bf9c4732c84be8230d50bc2c365bcea7af4730807ed40808a1ed84959c366e412ebafb9a684
- SSDEEP
  
  1572864:OvNBYQglX2XaSk8IpG7V+VPhqb+TnE7Ulg8iYgj+h58sMw5IlWj95qgcJX0:OvNBYxRtSkB05awb+Tfe25FSK95K0
Score

8^/10

evasion execution persistence upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

pyinstallerpysilon

behavioral1

evasionexecutionpersistenceupx

© 2018-2024

Terms | Privacy