Overview

overview

10

Static

static

10

Weave.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Weave.exe

  • Size

    74.6MB

  • Sample

    240829-w1v6bswhkq

  • MD5

    581c224976251f95c044539e44e435db

  • SHA1

    b6f92f06b644c05aa956723817e7c87a3de949f7

  • SHA256

    a139299465c728b4a85ef85051ed6a16887b13f6e7e6a13d040ecffe27061ebe

  • SHA512

    54c4621cb5066918d37435d454d6f413ae2228174b97db478b1bea1ecded5d921ef2a984de8f7a98ddd229cfd63d4d7cf41ec72e0e4c15db986946a63c7618f6

  • SSDEEP

    1572864:lvHcRlKW/Sk8IpG7V+VPhqYdfME7tlHegiYweyJulZUdghh3reDEjV37U:lvHcRY2SkB05awcfLdMpuFh3rOQo

Score
10/10
pysilonevasionexecutionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      Weave.exe

    • Size

      74.6MB

    • MD5

      581c224976251f95c044539e44e435db

    • SHA1

      b6f92f06b644c05aa956723817e7c87a3de949f7

    • SHA256

      a139299465c728b4a85ef85051ed6a16887b13f6e7e6a13d040ecffe27061ebe

    • SHA512

      54c4621cb5066918d37435d454d6f413ae2228174b97db478b1bea1ecded5d921ef2a984de8f7a98ddd229cfd63d4d7cf41ec72e0e4c15db986946a63c7618f6

    • SSDEEP

      1572864:lvHcRlKW/Sk8IpG7V+VPhqYdfME7tlHegiYweyJulZUdghh3reDEjV37U:lvHcRY2SkB05awcfLdMpuFh3rOQo

    Score
    9/10
    evasionexecutionpersistenceupx

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks