General
-
Target
WaveTest.rar
-
Size
13.0MB
-
Sample
240407-xwjgeacc77
-
MD5
5f035b96995506ae375119dcd32eceac
-
SHA1
0d8e61295f1dc270870180608e673cdd7a215f7b
-
SHA256
14a733aa7b458d6010679bb0f06cf713b6341242907185e63649ca21e7b8a220
-
SHA512
d8bb97a65e6452842b47ed504b7766d80a58d21db7404e526686bbbc49a23d2d5efa4133b9acff520200d2c58d848d8a71466641557e7fe1d1d9fdedf35b7335
-
SSDEEP
393216:hMrY1Bzv+GT+brYZZSzdb2bHjBLUfnNWpw3aiKcfE:hMcjbT+fYrSzdbiHjKfnK6fE
Malware Config
Targets
-
-
Target
WaveTest/Wave V1.exe
-
Size
13.3MB
-
MD5
8a05978a5493d7ca12d8748a27405eed
-
SHA1
3284bc57a89a640d1fc3d55f26d735f8fe28434e
-
SHA256
9fb27c2bedc34fc3269d56aa700b53b69c574f4bd2afc11d8214dda5f6de6a39
-
SHA512
7a7af74bfdb7657d81c5eddc4ed38143f184226e0272ba4d83691511eabb24629a06182d6c02f417cad36d31ce3f00dcbc3808a522928d2f87c5130cdcbc868e
-
SSDEEP
393216:ZEkMDVnwW+eGQRIMTozGxu8C0ibfz6e57O13X8WjIzd:ZUDlwW+e5R5oztZ026e5c8eIzd
-
Drops startup file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-