![]() ![]() This is an advanced RAT coded in the Python programming language, designed for complete control via Discord, featuring a specialized GUI builder. The image depicted below displays the GUI of the PySilon builder, showing a range of options for constructing a binary file. The PySilon RAT builder enables TAs to create a customized malicious binary file with the desired functionalities for their malware. Figure 5 – PySilon malware package version 3.6 The “resources” folder comprises multiple Python scripts, each dedicated to a specific functionality of the RAT malware. Upon running the “PySilon.bat” file, it launches a GUI that provides users with the ability to create a customized PySilon RAT binary and subsequently save it to the “dist” folder. The following figure shows the PySilon builder package. The malware files generated using the PySilon builder utilize file names, which include: ![]() Figure 4 – First discovery of PySilon RAT executable in VirusTotalĭuring the time of our analysis, FalconFeedsio also posted a Twitter message indicating that a forum user was endorsing the “PySilon Malware.” Additionally, we have identified numerous samples that mimic software, tools, and cracks suspecting that they were downloaded from phishing websites, free software downloading sites, etc. The malware created using the PySilon builder was initially identified by NeikiAnalytics approximately one month ago, as shown below. PySilon v3.6, the most recent version, was released at the end of August 2023, boasting advanced malicious functionalities. The PySilon project (PySilon v1.0), featuring basic malware capabilities, was originally posted on GitHub in early December 2022. Figure 2 – PySilon RAT with Adobe Photoshop Icon After conducting an analysis, it was noticed that the PyInstaller malware executable was created utilizing an open-source GitHub project known as “PySilon,” a Remote Access Trojan (RAT). We presume that this executable comes from a phishing website. On September 13th, CRIL came across a PyInstaller file named “Adobe Photoshop.exe” on VirusTotal. The upward trend in these samples suggests a growing usage of PySilon RAT.įigure 1- Rise of PySilon RAT (Stats Source- VirusTotal) It has been noted that over 300 samples of this malware have been reported on VirusTotal since June 2023. CRIL has recently come across multiple instances of PySilon RAT, an open-source malware. Threat Actors (TAs) resort to open-source malware available on platforms like GitHub due to its convenience, advanced functionalities, and adaptability.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |