pysilon | 59f1c83d17ea02c6c8d315617f5382c49c485a149df41843d19e1d4c02f7fcaa

General

Target

CelexCracked.rar
Size

78.1MB
Sample

240705-dfmpcatbra
MD5

cbf4aebac3872bd49090b6eaf068278f
SHA1

432e83834f33d4cb57291ce1f36a318e1a9e1041
SHA256

59f1c83d17ea02c6c8d315617f5382c49c485a149df41843d19e1d4c02f7fcaa
SHA512

da4d106b0115e24d6957c90c73d799bdf452c694bed1e760a01b0706dfb78d5161b7826058f995cec639a41c46eb85c54017102d7b3e2b1f67427183eb3e7fa0
SSDEEP

1572864:g3jVGpeudTf+SSJQwf5bn29Z4AjSGKU19Wjww2xWY6fqPo+ztCXX1zrydn69tux:MjVGEuRf+fQwfwaESHcy2xWY6ooCet+h

Score

10^/10

Malware Config

Targets

- Target
  
  CelexCracked.rar
- Size
  
  78.1MB
- MD5
  
  cbf4aebac3872bd49090b6eaf068278f
- SHA1
  
  432e83834f33d4cb57291ce1f36a318e1a9e1041
- SHA256
  
  59f1c83d17ea02c6c8d315617f5382c49c485a149df41843d19e1d4c02f7fcaa
- SHA512
  
  da4d106b0115e24d6957c90c73d799bdf452c694bed1e760a01b0706dfb78d5161b7826058f995cec639a41c46eb85c54017102d7b3e2b1f67427183eb3e7fa0
- SSDEEP
  
  1572864:g3jVGpeudTf+SSJQwf5bn29Z4AjSGKU19Wjww2xWY6fqPo+ztCXX1zrydn69tux:MjVGEuRf+fQwfwaESHcy2xWY6ooCet+h
Score

3^/10
behavioral1 behavioral2
- Target
  
  CelexCracked/CelexCracked.exe
- Size
  
  81.1MB
- MD5
  
  e2e6af6f6f3436fdf10412424be65157
- SHA1
  
  75f21276b035e86b9de02b444ab1f37faedd9dab
- SHA256
  
  dace392c74b011056f4e690925476706f0d37fd676f4f37886ec931d79ee84a9
- SHA512
  
  04e074d00805d5d5735fa388f53d1d7bdeb76dea2df955e99c1d72404836f41773a9ac4fbb10c2c0e25cd9999264418fed430cba1b5498d1b02ef80280d5c623
- SSDEEP
  
  1572864:bvxZQgl8ySk8IpG7V+VPhqHDE7jblgA7iYgj+h58sMw8Wunbd3RR:bvxZx7SkB05awHaeA15wZ
Score

9^/10

upx evasion execution persistence
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral3 behavioral4
- Target
  
  discord_token_grabber.pyc
- Size
  
  17KB
- MD5
  
  db40ce247b464d3ac0d15080f22ce442
- SHA1
  
  eb10f081e16c9566f1b487d39eda3fb8fa4b0de5
- SHA256
  
  74475975b9fc2e15a1432b8e4930b6a8a25dd63511bbc2628ae81483dd569046
- SHA512
  
  c614c93d3ad758bfe1155864328626b98900e95e06c504641f0286ee40e4e0e24eb4d83b06af576e7799d517aae8404f5c9acdc64315c594319c29e13a77b81e
- SSDEEP
  
  384:cGllyAavwW9FaOx817PPQviowoYbCj+MoGWTd0Da8:cIlytvN9oOx8JnQ6owoYOyMImDa8
Score

3^/10
behavioral5 behavioral6
- Target
  
  get_cookies.pyc
- Size
  
  10KB
- MD5
  
  ddc40a1cee51500039f5c98ef7b1d3c9
- SHA1
  
  1e65cf0d7acb74e429844d2ee5b2d39369d17750
- SHA256
  
  1201adef44d0ba8be86b7d4aa4e8f69f1f8f800522fa574291974a3b40250436
- SHA512
  
  c9a89f5fe6ef87d7d8ce63a59f87fd5684d91e5dccfda644d84a40d5316b85b9930e90f096f13e811f646da724bc267ac853c15e451a6888083d5ab0572f27db
- SSDEEP
  
  192:TzOCIeivQfUFPLqwOEVOFc1mNe47+S5zEzzzzz1zz+HoowAE:TzOUi4aFEe4KSPIAE
Score

3^/10
behavioral7 behavioral8
- Target
  
  misc.pyc
- Size
  
  5KB
- MD5
  
  fccbf8762a2d6e382b044d73c9969fbc
- SHA1
  
  9530b874a2fb37cef0bdbc13775d64400c6158b4
- SHA256
  
  bdadc8d5f54a135e4cad6dd398023cc5a8053619489b38d4b22e104215572f89
- SHA512
  
  359b92919a585e4191bceb029e05c9af95816fc023fd5d566d4a5d9fc88b216cace2fe54dacff65decb68d9ad724386467f367a4fadc68b648a44f5b14f84d20
- SSDEEP
  
  96:DSajAihmJG4n3B4SmSSSSlSSSShDwegPbbVxlj0oIHEDS5ejmw01k9Bddpq:eYAfn3ySmSSSSlSSSSeeOPVxx0oIHZeQ
Score

3^/10
behavioral10 behavioral9
- Target
  
  passwords_grabber.pyc
- Size
  
  8KB
- MD5
  
  1ca5633be35a5db415bc83be9852bf0e
- SHA1
  
  710a4da76579449bb0b45eecedd42aea82ba6b35
- SHA256
  
  07a93aa41dbdcd8962b2ad1fcbd7c1bf661130c1cf050a5a4ef6821d30893099
- SHA512
  
  9ac14821d21d9c7345b6cf51d9e1c31f908590fadca061ed4f5c50ea7cd28c92b169aa7985873876989e7108946090695a4c782d8251f5061d27cea7c2f35ccb
- SSDEEP
  
  192:+CE34EAL/GFf/PoXdLO23NsDmqFUhkxNivLI9dRvL:Y4EAL/AfsFO8NsxuOxNn
Score

3^/10
behavioral11 behavioral12
- Target
  
  source_prepared.pyc
- Size
  
  180KB
- MD5
  
  96fa06a3158c724d679bce6120d6bba9
- SHA1
  
  9a83a089b05933e154d75d9b6f613e413acb26b0
- SHA256
  
  266790e4221f2617a836529d3d2e2d554c41482651f617a761670784e9d3ea26
- SHA512
  
  dd15a1925ed5afa9121026c72cf9ed8059b5c4c785b55fa6997c7f037984ca31d83fe8bd04030fb37fbb4a1eb843fe56a7ec6e26183e795235bfe39c982308f3
- SSDEEP
  
  3072:SHyL76bA9KcGaoGjjE/ZoSdxZJEgMgdcnC2C8nW:T/6e+aoGXgoSjZJEgMgdcnPCz
Score

3^/10
behavioral13 behavioral14
- Target
  
  CelexCracked/cracked by Sol.txt
- Size
  
  28B
- MD5
  
  4aeb3df71e36445ee8da031f6e8319db
- SHA1
  
  bf3bf23f75da16947c65ed8a34d30ad5ff9c7d08
- SHA256
  
  3d0254f4879bc1d4a24be6dce47352a7215f716dde44ff5dd5da922610d7ef5c
- SHA512
  
  47f789c553c1e92d4c7e5ccb1aa5db69de522f39b484bc142147223354c107f77532364b629c8b54dec6aa4f43d502864be147efa1df1d4d1a2ce7f156f6559f
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Matrix ATT&CK v13

Tasks

Sharing

General

Malware Config

Targets

Enumerates VirtualBox DLL files

Command and Scripting Interpreter: PowerShell

Sets file to hidden

Executes dropped EXE

Loads dropped DLL

UPX packed file

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16