Resubmissions

29/08/2024, 18:26 UTC

240829-w3jkbavdqc (Score 10/10)

General

  • Target

    Weave.exe

  • Size

    74.6MB

  • Sample

    240829-w3jkbavdqc

  • MD5

    581c224976251f95c044539e44e435db

  • SHA1

    b6f92f06b644c05aa956723817e7c87a3de949f7

  • SHA256

    a139299465c728b4a85ef85051ed6a16887b13f6e7e6a13d040ecffe27061ebe

  • SHA512

    54c4621cb5066918d37435d454d6f413ae2228174b97db478b1bea1ecded5d921ef2a984de8f7a98ddd229cfd63d4d7cf41ec72e0e4c15db986946a63c7618f6

  • SSDEEP

    1572864:lvHcRlKW/Sk8IpG7V+VPhqYdfME7tlHegiYweyJulZUdghh3reDEjV37U:lvHcRY2SkB05awcfLdMpuFh3rOQo

Malware Config

Targets

    • Target

      Weave.exe

    • Size

      74.6MB


    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar tools.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      discord_token_grabber.pyc

    • Size

      15KB

    • MD5

      00f03a943b3dd6a58279bbff482099c8

    • SHA1

      56c88f03a5f5d5abae141bc94bf287ce41347dbd

    • SHA256

      5065f9a9e6699be80d98291b3e9896330dd2595373e5ca58ced55934b2865a90

    • SHA512

      01b462a02fdab26596f42b3feb783252cebc4a3132e1ef9c73660a74c7e9de2dedebe7e69cf795183dc7bd2baeccea9596387ebd285b263067e30fb681671db6

    • SSDEEP

      384:YGC7RYmnXavkGP3ltcrhntQ5saa2holHVA:YGCuvkoltcrttQ5saaCgHVA

    Score
    3/10
    • Target

      get_cookies.pyc

    • Size

      9KB

    • MD5

      b3e069a6d0520f658a3fd652a6e51ca0

    • SHA1

      3e2590a43b110ec23dbbe4e55145c6f1cd27800e

    • SHA256

      232fb80756e38b78775ec75d7ee46d15ac394ed7d197b577b2c98dd00709b007

    • SHA512

      54a3cc21d321003808c2e1b9d52c06738ea0c80842d57ed754b05ff493157b22805a4d484bc46804d83ec052db535ceeb79708087355103cf75e3d2c9e0ce5bb

    • SSDEEP

      192:kNal3eiNis9QfUF2x3NC79F211G67+EtAhN:kJiB2XtF7jKkAhN

    Score
    3/10
    • Target

      misc.pyc

    • Size

      4KB

    • MD5

      3af0657bf4d2cdcd8e84aeee71be06f7

    • SHA1

      bd28a025931e96da24c9818e1a1648d2ce7f5212

    • SHA256

      83bbb656424fab009b612232bab4970a8bd49c944285975babb3de8f99db9da6

    • SHA512

      a402b759e427ed78e55650b9188772916787a1734f5dd5a5782d98228c7c9da11057627bcad29aa94139a9c20b1c4ca2e8c92983b38384245855f6da3369dace

    • SSDEEP

      96:ySMlhlvyz7DweHPF8+VB7sHIZGQSWfvmyyZ1k9qHub:Lolvyzgevq+VBXZGQlvmV1kkHub

    Score
    3/10
    • Target

      passwords_grabber.pyc

    • Size

      7KB

    • MD5

      91bebfc811f4706852fc415d7b2cc836

    • SHA1

      26a7645c5b2590a29bb403cb7be00c3ad5e575b3

    • SHA256

      fb77fa8b2407db4127a67e37188e0d722c981280b605f6173d737f39e3582dce

    • SHA512

      1e5ad7a82f60df0d8bc048ff31ca716cc93d1e167ef9f53e916a608b5a7709f884b657854848a9b6e586f994c010f00dba55c9c76f864b93594ff2ce9fddbadd

    • SSDEEP

      192:h114qWLfhuUIxDPK2cxDJb+XUhitovgEuz:V4qWLfMFyVxDAE/4

    Score
    3/10
    • Target

      source_prepared.pyc

    • Size

      161KB

    • MD5

      2009b4cc37f831157ebdd816b46277ae

    • SHA1

      d4c3bb2e1c4db270f06bfa28de33ab5e557c4527

    • SHA256

      7992f80e9f34800ca8e6ebf4e2a76e5bbe91216e24502d3d5d1e6fbd288424ed

    • SHA512

      453256f8112a15d9f5a8399de8a08da8ebc7f37fd4c3aab6a881c3e36e1406fbe772cc407c044a5602d109787d0b64caf38f898270441ac5b8fdab7a8a114deb

    • SSDEEP

      3072:nQ5aOO9fXlR5FSGInoYPZTi+5JvGmOIvdXz7p8sTWe:Q5aOO9fXMnorGlGmCs9

    Score
    3/10

MITRE ATT&CK Enterprise v15
