General

  • Target

    WaveTest.rar

  • Size

    13.0MB

  • Sample

    240407-xwjgeacc77

  • MD5

    5f035b96995506ae375119dcd32eceac

  • SHA1

    0d8e61295f1dc270870180608e673cdd7a215f7b

  • SHA256

    14a733aa7b458d6010679bb0f06cf713b6341242907185e63649ca21e7b8a220

  • SHA512

    d8bb97a65e6452842b47ed504b7766d80a58d21db7404e526686bbbc49a23d2d5efa4133b9acff520200d2c58d848d8a71466641557e7fe1d1d9fdedf35b7335

  • SSDEEP

    393216:hMrY1Bzv+GT+brYZZSzdb2bHjBLUfnNWpw3aiKcfE:hMcjbT+fYrSzdbiHjKfnK6fE

Malware Config

Targets

    • Target

      WaveTest/Wave V1.exe

    • Size

      13.3MB

    • MD5

      8a05978a5493d7ca12d8748a27405eed

    • SHA1

      3284bc57a89a640d1fc3d55f26d735f8fe28434e

    • SHA256

      9fb27c2bedc34fc3269d56aa700b53b69c574f4bd2afc11d8214dda5f6de6a39

    • SHA512

      7a7af74bfdb7657d81c5eddc4ed38143f184226e0272ba4d83691511eabb24629a06182d6c02f417cad36d31ce3f00dcbc3808a522928d2f87c5130cdcbc868e

    • SSDEEP

      393216:ZEkMDVnwW+eGQRIMTozGxu8C0ibfz6e57O13X8WjIzd:ZUDlwW+e5R5oztZ026e5c8eIzd

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks