pysilon | 9ebe6af6e7151e2b8570753a04eb24745fb40f4b4d548d5c8c8ef55efb27bd0f | Triage

Submit
Reports

Overview

overview

Static

static

source_prepared.exe

windows7-x64

7

source_prepared.exe

windows10-2004-x64

9

Sharing

General

Target

source_prepared.exe
Size

107.5MB
Sample

240703-c1bxxaxcnp
MD5

ce7e3967cbebee2813bf0f2ba3c8d26b
SHA1

1e44ceb10b55bf0f948d1ab9fa1d6fcaf4dc97a6
SHA256

9ebe6af6e7151e2b8570753a04eb24745fb40f4b4d548d5c8c8ef55efb27bd0f
SHA512

8be40859dd7687502a389f51f0fe35a40a02b62055d12876622abb7cd49a100b9d1596c3a3086528a6cbedc8d036eedbaada06197797510b5d166105172bb7b5
SSDEEP

3145728:ZK7paiS6xjKcBa6R2qHO5izBVnG0iWMstB2Ox0vM3:YVjSWNa6HHCittieBm

Score

10^/10

pysilon evasion execution persistence pyinstaller

Static task

static1

pyinstaller pysilon

4 signatures

Behavioral task

behavioral1

Sample

source_prepared.exe

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

source_prepared.exe

Resource

win10v2004-20240508-en

evasion execution persistence

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  source_prepared.exe
- Size
  
  107.5MB
- MD5
  
  ce7e3967cbebee2813bf0f2ba3c8d26b
- SHA1
  
  1e44ceb10b55bf0f948d1ab9fa1d6fcaf4dc97a6
- SHA256
  
  9ebe6af6e7151e2b8570753a04eb24745fb40f4b4d548d5c8c8ef55efb27bd0f
- SHA512
  
  8be40859dd7687502a389f51f0fe35a40a02b62055d12876622abb7cd49a100b9d1596c3a3086528a6cbedc8d036eedbaada06197797510b5d166105172bb7b5
- SSDEEP
  
  3145728:ZK7paiS6xjKcBa6R2qHO5izBVnG0iWMstB2Ox0vM3:YVjSWNa6HHCittieBm
Score

9^/10

evasion execution persistence
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Virtualization/Sandbox Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

File and Directory Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

pyinstallerpysilon

behavioral1

behavioral2

evasionexecutionpersistence

© 2018-2024

Terms | Privacy