pysilon | a139299465c728b4a85ef85051ed6a16887b13f6e7e6a13d040ecffe27061ebe

General

Target

Weave.exe
Size

74.6MB
Sample

240829-w3jkbavdqc
MD5

581c224976251f95c044539e44e435db
SHA1

b6f92f06b644c05aa956723817e7c87a3de949f7
SHA256

a139299465c728b4a85ef85051ed6a16887b13f6e7e6a13d040ecffe27061ebe
SHA512

54c4621cb5066918d37435d454d6f413ae2228174b97db478b1bea1ecded5d921ef2a984de8f7a98ddd229cfd63d4d7cf41ec72e0e4c15db986946a63c7618f6
SSDEEP

1572864:lvHcRlKW/Sk8IpG7V+VPhqYdfME7tlHegiYweyJulZUdghh3reDEjV37U:lvHcRY2SkB05awcfLdMpuFh3rOQo

Score

10^/10

Malware Config

Targets

- Target
  
  Weave.exe
- Size
  
  74.6MB
- MD5
  
  581c224976251f95c044539e44e435db
- SHA1
  
  b6f92f06b644c05aa956723817e7c87a3de949f7
- SHA256
  
  a139299465c728b4a85ef85051ed6a16887b13f6e7e6a13d040ecffe27061ebe
- SHA512
  
  54c4621cb5066918d37435d454d6f413ae2228174b97db478b1bea1ecded5d921ef2a984de8f7a98ddd229cfd63d4d7cf41ec72e0e4c15db986946a63c7618f6
- SSDEEP
  
  1572864:lvHcRlKW/Sk8IpG7V+VPhqYdfME7tlHegiYweyJulZUdghh3reDEjV37U:lvHcRY2SkB05awcfLdMpuFh3rOQo
Score

9^/10

evasion execution persistence upx
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  discord_token_grabber.pyc
- Size
  
  15KB
- MD5
  
  00f03a943b3dd6a58279bbff482099c8
- SHA1
  
  56c88f03a5f5d5abae141bc94bf287ce41347dbd
- SHA256
  
  5065f9a9e6699be80d98291b3e9896330dd2595373e5ca58ced55934b2865a90
- SHA512
  
  01b462a02fdab26596f42b3feb783252cebc4a3132e1ef9c73660a74c7e9de2dedebe7e69cf795183dc7bd2baeccea9596387ebd285b263067e30fb681671db6
- SSDEEP
  
  384:YGC7RYmnXavkGP3ltcrhntQ5saa2holHVA:YGCuvkoltcrttQ5saaCgHVA
Score

3^/10
behavioral2
- Target
  
  get_cookies.pyc
- Size
  
  9KB
- MD5
  
  b3e069a6d0520f658a3fd652a6e51ca0
- SHA1
  
  3e2590a43b110ec23dbbe4e55145c6f1cd27800e
- SHA256
  
  232fb80756e38b78775ec75d7ee46d15ac394ed7d197b577b2c98dd00709b007
- SHA512
  
  54a3cc21d321003808c2e1b9d52c06738ea0c80842d57ed754b05ff493157b22805a4d484bc46804d83ec052db535ceeb79708087355103cf75e3d2c9e0ce5bb
- SSDEEP
  
  192:kNal3eiNis9QfUF2x3NC79F211G67+EtAhN:kJiB2XtF7jKkAhN
Score

3^/10
behavioral3
- Target
  
  misc.pyc
- Size
  
  4KB
- MD5
  
  3af0657bf4d2cdcd8e84aeee71be06f7
- SHA1
  
  bd28a025931e96da24c9818e1a1648d2ce7f5212
- SHA256
  
  83bbb656424fab009b612232bab4970a8bd49c944285975babb3de8f99db9da6
- SHA512
  
  a402b759e427ed78e55650b9188772916787a1734f5dd5a5782d98228c7c9da11057627bcad29aa94139a9c20b1c4ca2e8c92983b38384245855f6da3369dace
- SSDEEP
  
  96:ySMlhlvyz7DweHPF8+VB7sHIZGQSWfvmyyZ1k9qHub:Lolvyzgevq+VBXZGQlvmV1kkHub
Score

3^/10
behavioral4
- Target
  
  passwords_grabber.pyc
- Size
  
  7KB
- MD5
  
  91bebfc811f4706852fc415d7b2cc836
- SHA1
  
  26a7645c5b2590a29bb403cb7be00c3ad5e575b3
- SHA256
  
  fb77fa8b2407db4127a67e37188e0d722c981280b605f6173d737f39e3582dce
- SHA512
  
  1e5ad7a82f60df0d8bc048ff31ca716cc93d1e167ef9f53e916a608b5a7709f884b657854848a9b6e586f994c010f00dba55c9c76f864b93594ff2ce9fddbadd
- SSDEEP
  
  192:h114qWLfhuUIxDPK2cxDJb+XUhitovgEuz:V4qWLfMFyVxDAE/4
Score

3^/10
behavioral5
- Target
  
  source_prepared.pyc
- Size
  
  161KB
- MD5
  
  2009b4cc37f831157ebdd816b46277ae
- SHA1
  
  d4c3bb2e1c4db270f06bfa28de33ab5e557c4527
- SHA256
  
  7992f80e9f34800ca8e6ebf4e2a76e5bbe91216e24502d3d5d1e6fbd288424ed
- SHA512
  
  453256f8112a15d9f5a8399de8a08da8ebc7f37fd4c3aab6a881c3e36e1406fbe772cc407c044a5602d109787d0b64caf38f898270441ac5b8fdab7a8a114deb
- SSDEEP
  
  3072:nQ5aOO9fXlR5FSGInoYPZTi+5JvGmOIvdXz7p8sTWe:Q5aOO9fXMnorGlGmCs9
Score

3^/10
behavioral6