General

  • Target

    Wave.rar

  • Size

    157.0MB

  • Sample

    240409-atbx8agd72

  • MD5

    6e2e65438919ca25acc9a35c17260bbd

  • SHA1

    dbecdb58b4141b96fd0866e36b8c8e3c9a4df758

  • SHA256

    1ca93fdcc11135777684369edc2bb27d287ffa05d09533c69107e88c153d96c2

  • SHA512

    89d67b1df8199a0dd91a008cf2b338e22dc843c05b4d4e46360aa09eeb160a9c13bef11eab652e5c0fe97967e910579673eff81862a0590560cdc85fbc9aac8d

  • SSDEEP

    3145728:04FILwoAcr1Nu8WhoUdp27PkF5oeUahBcPVyMVob2f9/nvF2ILW:9oHhioU72TkF5oeVBMXfhnZLW

Malware Config

Targets

    • Target

      Wave.rar

    • Size

      157.0MB

    • MD5

      6e2e65438919ca25acc9a35c17260bbd

    • SHA1

      dbecdb58b4141b96fd0866e36b8c8e3c9a4df758

    • SHA256

      1ca93fdcc11135777684369edc2bb27d287ffa05d09533c69107e88c153d96c2

    • SHA512

      89d67b1df8199a0dd91a008cf2b338e22dc843c05b4d4e46360aa09eeb160a9c13bef11eab652e5c0fe97967e910579673eff81862a0590560cdc85fbc9aac8d

    • SSDEEP

      3145728:04FILwoAcr1Nu8WhoUdp27PkF5oeUahBcPVyMVob2f9/nvF2ILW:9oHhioU72TkF5oeVBMXfhnZLW

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Wave/Injector.exe

    • Size

      3.4MB

    • MD5

      c6b39ee166d5b0a2c8a9021ccd1593ae

    • SHA1

      e480e7c282f64e8b0179c82afe154dd59d14217d

    • SHA256

      443b665c5f545a2bdd7855f86bf70a5ee7f35eda1b6b08615161f5809cbda02b

    • SHA512

      3864aea36c522ca5658412128e6a4c862a647cf3b1054b9adbe418488590a37600d7639c3eba94ca9de76f087b244b95644c667213b1122889cf2d9b7a4652d2

    • SSDEEP

      49152:Kl0nJ28J4VZohYWVGGjW8NhSU7zwo8oXJ2R3KPHsI7coj2J+eNgRpqNc1a:KmnJrJ4DohYWVTJNkIZZ2R6vsmA+FDqN

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Wave/Wave.dll

    • Size

      16.3MB

    • MD5

      1b183359bc079cb1f753e0c3e5125fe7

    • SHA1

      83a01c41cc6d6484a1b81d86890230ab803bd9e9

    • SHA256

      146b8694ee07c3ca91e323d5eb84ddc2800f0838e6bc56d924fa3c9edc7d022d

    • SHA512

      c879e85bb43af37308e52768013173d37d80f19e434c68da828e748a33e2235138d0d1ce04b5b51eb2534bff30d1a7d648c89978c9f06567b351ef3e955fba37

    • SSDEEP

      196608:jzk4uTyIOI9Lq+/svEq6OhQHjwjqvTV/5Vak/Qo2eP6Q1vabrzBx/0Ko0+/ox6Pi:k2s9q+/ss4Oyqv9ba8iCqrzHyLPdEtc

    Score
    8/10
    • Blocklisted process makes network request

    • Target

      Wave/Wave.exe

    • Size

      7.0MB

    • MD5

      a8bd4a6b2f1d00928e61870a5688c13d

    • SHA1

      e17646d5279534f2e3eb0e0cfc8b6c536bc0c095

    • SHA256

      2c51f67e236cf95e2d51df4178699da09869ab077924cff0b3df1c512878ef2f

    • SHA512

      6b5175beea4071668c87b16af3177bbb2cbaff6b28909dc1e09ad5b16b449c62d6adc372a0094de627fe9835f0c474d16708c3f698355ba1664bf321fa19f5fb

    • SSDEEP

      98304:37//YITF8r2n8TevxbFKVlXk34tZ+t4+aNG5Lhd+2G4Op0cN+hmdYkvsFLL:37//1xBVqvG5dQ2m0cN+hmdYkvsFLL

    Score
    1/10
    • Target

      Wave/Wave.exe.config

    • Size

      4KB

    • MD5

      ae882f91fe4dc052fabd06774b2d30aa

    • SHA1

      92cbe5c66373ea3682116fab8068534920d281d7

    • SHA256

      50bd62b7fa97cb9564c4b418034138f30af993f84988b085e2b16d39aa74d79f

    • SHA512

      3fe7174259817beae8101e2ab7be068b9030bccff00a1f5aee13cfab3585037fdb1f9b470feea212351f85ec96f31da63289e4574d69e4ef413fce3fda3c6c78

    • SSDEEP

      96:wrwvxwDbDPwxOuzhrifBUXAUFUkUYUvUAc:wrw2DIxOEriJXejNGbc

    Score
    3/10
    • Target

      Wave/dist/client/assets/yaml-df2b4c14.js

    • Size

      3KB

    • MD5

      46162698a3cc5945d946898ad1c6ada3

    • SHA1

      e11b7d436ed4aea9440bb160b7f0ea9501fd1fa2

    • SHA256

      81a21479c71690e84b11ba31cafc4b7e074c354fbb7ed3a2e7ce811de4e138c4

    • SHA512

      fb05006403152d6c389513817d13fd98fa80e2cfade5bd197f3f786199d0c3bdc1fa560983b51474e13bf78c5d969d58212dc0f09386683f1e56f5b07db8efef

    Score
    1/10
    • Target

      Wave/dist/client/assets/yaml-f7ca1ca1.js

    • Size

      3KB

    • MD5

      a6588b5cb768753440f491fbc12f7b22

    • SHA1

      8d9118794b7b89dc60989cf8739eef505f077e04

    • SHA256

      608796df3002d2aae191cdcafec5e34f787a5fe223ce862f62e391bbeeac8c3e

    • SHA512

      ab038095c4890580ecb17df2e12fab0f585cb7328b20cdc966c3c733336063c7ea85924d4e961d9739243710d875debd889e5072fba2e44f2f264d31de2036ae

    Score
    1/10
    • Target

      Wave/dist/client/assets/yaml-f8a2dd33.js

    • Size

      3KB

    • MD5

      f18dfeeb06a369b05972320bde6ba000

    • SHA1

      8e8d9dcf77309261f41d62dae279a854e456bf7a

    • SHA256

      c8ab9bd5db8aef8a460d6a881be5c787d37ac941680ed8eb0d9c975826f170ba

    • SHA512

      83d828fcf11b686f8e6793363c9eac66284a23a0040c0007b3a007795ee1b4fd7917b76b32f6acde622ecde25397d1912d2d003574ba8a93ce87b16e41600c5a

    Score
    1/10
    • Target

      Wave/dist/client/index.html

    • Size

      642B

    • MD5

      dc0297e1499d6be4efc3d519623623d9

    • SHA1

      3babddcfc55a2e33f4f21bedd8d15097fe26e8dd

    • SHA256

      4988e09362697dd88b69e9185f884145ac1b939c1e883855dad7b80479465c17

    • SHA512

      7dbcdcf74a4569b2d188b5ffca867db82acaddabf3c7ba184c62250cbcc375475f31a89607d799021be918dfdf76b5b7a215a87e1a7a157a433f1b8c21f5f61b

    Score
    1/10
    • Target

      Wave/dist/node.exe

    • Size

      66.0MB

    • MD5

      f2cafe66652424d7e6512334e63b7f96

    • SHA1

      6f025a432d596a7cce8bd7a70f335504d11e8b4d

    • SHA256

      ea392e1b5503f2294c24f2ff17a01471faab98c3ec67d75df5754bb6ee0a7b71

    • SHA512

      11370e1b8400d08d24ac8f76c4a839f52bd72ef0d6fa472b0c81b67d56b3786c2962e08f29bb150d8bb57ca8579ee5aa4cae18ee4e42098dd21f6268903d79e1

    • SSDEEP

      393216:vdIDovVNzrl00adQk/VYSgvodtlMmskNk3w0GyVMA0+Qu58EISEhoIaE2FShp3Fp:vdJUxzk5bQxhhUOHESrxBxOWL/

    Score
    1/10
    • Target

      Wave/dist/server/index.js

    • Size

      1.1MB

    • MD5

      ec10dcf5055923fbfb484a5da24b8705

    • SHA1

      520a15bf1a691c17619aa2752f2c28803d9be065

    • SHA256

      265981a055949af0e5497e5ff677c8c404f60b82e1051df106d871dc6b476e73

    • SHA512

      30485ea7ae0ca770275793873f6e5f5f658fd9d02345574152c49d3b2c48c0a56edfca074e04066eefcde6c340a94e1c7bf305068a4be00c48e40537f118d2ce

    • SSDEEP

      12288:znenmgaIgUpEqBeO/UmPpM/sYDmatEyuxOAcOe3ZQQT:znqY5qLuwcuhgQQT

    Score
    1/10
    • Target

      Wave/dist/shared/bin/en-us.json

    • Size

      5.5MB

    • MD5

      de2ac61fe7207c1b2f304b05fae4e39f

    • SHA1

      72a4623fde7103eebcff4a55ccb8eb6acf6bbee8

    • SHA256

      c8dd69f4f8f07ebe1c73a433bbf08f67e3bef3047c35251a243c3ac78f500647

    • SHA512

      4d0be337f5d6f760fef3f79d14ef6835045e12e7eef5cf906a5f73841b01bd59d3171c31f63de34e5b44f791d5912f940fa391d96685532e0baeb7613526f8a8

    • SSDEEP

      24576:xFxk0tadFplqZ8tb2xDMKUJHBg4wq96e/o:/Z4Bg4wq96e/o

    Score
    3/10
    • Target

      Wave/dist/shared/bin/globalTypes.d.luau

    • Size

      418KB

    • MD5

      4fb046cf2752a7e38784b9c223fc749a

    • SHA1

      ec60cb7dca1a73001cffbcf858ec0a8714dbca1a

    • SHA256

      89259d80bd757a1d0a5b47b5c7eac1d8f84071d71b49049dd49a37ef8dee727c

    • SHA512

      763d7d904ae606b2e9692b46d5c18bab98eecd6973330f223da738f74f918530729df0ea8d91b976fc2787592d469c187bc027ad142dc5cef0d7b615948c7e13

    • SSDEEP

      6144:siqczXlabtPJQc3zJqjFY/OSRlXAR6fTU4Dx0YvDr7YuHqkZhCd6dFyDWro/1SXB:SJQc3zJ5Dx+0

    Score
    3/10
    • Target

      Wave/dist/shared/bin/wave-luau.exe

    • Size

      3.4MB

    • MD5

      12fd29fcaf6f6518b8bf9e976928fa38

    • SHA1

      1f9352e217518eaceefdd041e3f085ffbb93acb0

    • SHA256

      d38d6297b4653f30397b7f45964ed99a70c8ab73d60063f68d3380c309e626a4

    • SHA512

      b0c5bfb87639585564915f284ecff5af7e6664097ea3d9df6908c08ce09f9f6c31912225620bb7f7cf818efd6a7146280ce37e10ca7fb55bd381b95bb8a2189b

    • SSDEEP

      49152:EIo5oIIIVWVNNNNNPpXqyJh0jtX6YNimufCiZ8ylLyfMAXyDiw1P6bNi/xeLZQpV:2hugpuTcdyPs+GJH/

    Score
    1/10
    • Target

      Wave/dist/shared/bin/wave.d.luau

    • Size

      4KB

    • MD5

      ec1e22fcdb56c0027ebc8cc4de1d0e64

    • SHA1

      01c3295445117957e0aa1facbd2538d68b600c78

    • SHA256

      65f300099bb14dc2ff2e2fc3a3ebda335d16433c08e317eeb4673cf106ed34a3

    • SHA512

      090c6fa8ad2b0d1e8b4dd5d42759b6ee56e96786da9d7aba34040bf3daf5ca8c5d00c9cc10cd4b84e3ebe023b2c5550c237207902a29afa9bd9dd38757c93017

    • SSDEEP

      48:1BBj5GSCuv70v7xGs7OU8q47BD4B8yp5x4pbpweqY+tYmPFYknFYE7Vf52+n+iQh:/uBfCDSTEUVldH/q

    Score
    3/10
    • Target

      Wave/dist/shared/configuration/default.json

    • Size

      57B

    • MD5

      e42f1d887517cfd8a654c536615fc28a

    • SHA1

      7d4a21dedca4cd4dfa536e01f71273fcd40f5022

    • SHA256

      b965cc02dce6f970fd577ade571fc6b7af6e50d9064c15078a51af8497eb5211

    • SHA512

      2258265368006694dd80fe660bacafebe1f2105473073bdd7c0bcd51f2da62b197724c196fde659e4ca46608d3fa5bb664ac1e1b31bcd58439b366f1564f538c

    Score
    3/10
    • Target

      Wave/dist/shared/globalTypes.d.luau

    • Size

      430KB

    • MD5

      a692690d37ead9365e4c92a145d7e554

    • SHA1

      ddff78ba3c227adcedb0ad6f727594d9f496707f

    • SHA256

      785c8a1755f03d35fc4336c9bd611162f3a845d33dfbccd6cd6c66b69647aa8a

    • SHA512

      b427ad84bb25f7a5a6b40071e412e8ce90c8a9d0a8f09c5d4986fb29ba2e6de2d7052bfc13ee569bd080f1d5082f1fa9c277debec08283bf9650889e4f6c9c48

    • SSDEEP

      6144:saaXnoQC9fdNKoL1D8TYqEJ75ZimGDyW3eoHeW+lZHtJnbbbwJcwd7D7:vaXnoQC9fzD8ZZ

    Score
    3/10
    • Target

      Wave/dist/shared/wave-luau.exe

    • Size

      3.4MB

    • MD5

      ea9177735cde86b5acbd149795c2c28d

    • SHA1

      83eeb9a45fdedb0ba08bf18854a0cb7a33e8cfaf

    • SHA256

      3e435ffccc94d3bc915476654179430585517fa94b16fdf040b7de96ac30fdd8

    • SHA512

      5227dcef88a72837d60faa73505c6700b7e07416eb4d178cbfb8f60564860ed897127a9ae20e1980ce9f2782dd467d977cc76c40e4aa7161f3defe95899379c7

    • SSDEEP

      49152:IIo5oIIIpXiWyNNNNNO6kcWrVB1tcerNq+RWCifk8S3L9BO+uSUOXY9Z17N29UvB:+wQiUREezI9gfT

    Score
    1/10
    • Target

      Wave/dist/shared/wave.d.luau

    • Size

      4KB

    • MD5

      59d632df071daad600a90dcc9b3efaa5

    • SHA1

      6272375c7a87dda2616e935e8a921e9af1fe37a3

    • SHA256

      927a1b9adfb0962908b60a70c6903a5ff72a6893760ee73db581f2c310e91eb0

    • SHA512

      d811869d50980256716733d04f4f77e9d6a223ff3c3844b513dd2826f8cb262e5011b2115c3dc4b24efb8743d5e430368b443356863fd639c4d0821c031b5e91

    • SSDEEP

      48:1BBj5GSCuv70v7xGs7OU8q47BD4B8yp5x4pbpweqY+tYmPFYknFYE7Vf52+n+iQf:/uBfCDSTEUVldH/o

    Score
    3/10
    • Target

      Wave/dist/start.cmd

    • Size

      11B

    • MD5

      3a6deb11e01a2191a3819f0a6364d95c

    • SHA1

      e6ecc23bfd21a7a237c4e036741e0806659e86fc

    • SHA256

      51e2aec7acfef86caefa3739b1d373b29809156df836793ac15d4af93d32fea6

    • SHA512

      01fe050212b12bab96d605674a93ae98e8f498dcc17815c0ea7233e42c005483c9f5de1dcde734987012830106f0b40dccadc42e566aac49ed3cf37e986eea01

    Score
    1/10
    • Target

      Wave/dxcompiler.dll

    • Size

      20.8MB

    • MD5

      141f621285ed586f9423844a83e8a03f

    • SHA1

      9c58feee992c3d42383bde55f0ff7688bc3bd579

    • SHA256

      5592056f52768ba41aad10785d21c1b18baf850a7e6a9e35526f43a55e6ada6d

    • SHA512

      951a55bbe86a7ebecfc946bf1c9a8c629f0e09510089a79a352cd6d89b7c42e0e23fd4f26232b0e73bd6d4ec158b86728cda2ab25745abcabfafadd964b55896

    • SSDEEP

      393216:5NfWHkWI4F8p4q8ZyfV+mq7q5oIB1p4bWpso:cTW4bWpso

    Score
    1/10
    • Target

      Wave/dxil.dll

    • Size

      1.4MB

    • MD5

      cb72bef6ce55aa7c9e3a09bd105dca33

    • SHA1

      d48336e1c8215ccf71a758f2ff7e5913342ea229

    • SHA256

      47ffdbd85438891b7963408ea26151ba26ae1b303bbdab3a55f0f11056085893

    • SHA512

      c89eebcf43196f8660eee19ca41cc60c2a00d93f4b3bf118fe7a0deccb3f831cac0db04b2f0c5590fa8d388eb1877a3706ba0d58c7a4e38507c6e64cfd6a50a0

    • SSDEEP

      24576:LCfhbh3v3mtZDiAQeWj26k41ob2nrZ1rqpegQDJqoZtp22GkmgA9u808jQPEdkr1:LCfhbh3v3mtEAQrW41obCraeRhy9ou6r

    Score
    1/10
    • Target

      Wave/libEGL.dll

    • Size

      459KB

    • MD5

      ce2c45983f63a6cf0cddce68778124e9

    • SHA1

      6553dc5b4bc68dcb1e9628a718be9c5b481a6677

    • SHA256

      9ca8840bbb5f587848e66d08d36cb5eb30c1c448ef49ce504961ff4ac810c605

    • SHA512

      df81a3356168e78d9810f5e87ca86eb4f56e5f0cb6afdb13408b50778a2d8b18c70b02c6348cd7ba59609ab2956d28eed324706eb65d04bce1159a2d8f1e0e8f

    • SSDEEP

      3072:OJr6bcnn5+k93dw1IkCUEWZpWr1H7gd51Dzwr7fkN7yt6S0/t6BDE96FX9Dk2K0I:IcpoGEfmMJHKDzm7fku10/tTYd6jb1D

    Score
    1/10
    • Target

      Wave/libGLESv2.dll

    • Size

      7.3MB

    • MD5

      c9b090ed25f61aa311a6d03fd8839433

    • SHA1

      f1567aa2fb1fcad3cde1e181a62f5e2bccadaf68

    • SHA256

      c7a7a59cf3c26d6c8b2505996065d49f339764f5718e6f53a9ecec8686c489db

    • SHA512

      21cd4618b6ad011afa78abe8fbc42ecafbb992322912c4a77e5f193a04aeb97a5655dedfc513e1a7667db55b92a322e3d9a6dfe7e845af25f37a6666a1798470

    • SSDEEP

      98304:UqV269WX/0dlldzRv/DaVhHTEeXm3w584:UqVtpdlTkVVrCw584

    Score
    1/10
    • Target

      Wave/libcef.dll

    • Size

      204.4MB

    • MD5

      3f1e12a06149b68ec7ea58486413aac5

    • SHA1

      b5ee4bfb76e53cb50cf0ca9da43659cc67454b12

    • SHA256

      e2f3d912e2fa54b2d29330202bfb98394a3086aaff800417e382f772a6b07922

    • SHA512

      23d45229285bbbdf538fa03e050bd2b6815e446c602c86603b13b0dbb6811d5fe40711f46fd34bca9efbb17af3ab38d466161903b65798400d3ffc24b8945062

    • SSDEEP

      1572864:h90gHOgkN8SpQTT/PG4iRa592G7eZy1aQ3+PcToCptZjUicMTyDBlT5vOIZaJ/Cd:XgNEJ5Ajoq

    Score
    1/10
    • Target

      Wave/snapshot_blob.bin

    • Size

      305KB

    • MD5

      e3937a61861293637286b9bd61f6da99

    • SHA1

      7f5bcf543545a43500a0d080a5dbe946af579688

    • SHA256

      3c583835f81e637a0b18f5427e9a2a3024431d5059c195a0111e19796ac9b109

    • SHA512

      172afe9a34fd01cd248d45756c575db31a6e741e3a36e155da3caf20bf8b105e00d858bed926f7fb4677f9fe1b99d422df4b7498f6ef809505e693117994ea78

    • SSDEEP

      3072:Z2WJ2n3bBDoCIdRdtxO5HoGMU/wsR2SUYiLtP0hBejXnRcKMw2r98:Zr89oCM9ORoewr/z

    Score
    3/10
    • Target

      Wave/v8_context_snapshot.bin

    • Size

      672KB

    • MD5

      12c20b1ea7dccafb8250e13e46bc9914

    • SHA1

      6ed3625dffea1ad3e1aceae4c55caaf195fd7c18

    • SHA256

      5591258720aed178de57b4e61eb59b2c4af2566caa1d18a7157cf8d0feca11d7

    • SHA512

      e520e67eba1dcf236a0daf43ec57182821b1e9142592ef471c724caf74292ed85291bd3b84fef6107ee2c258f93ea4fff2df18485537d73ddfd973b863c76727

    • SSDEEP

      6144:Yvo3L7k0M9oCM9ORoGqrmQBma2Ms9t/hnPoyxR6NfekL:3380+s2XxQyxKekL

    Score
    3/10
    • Target

      Wave/vk_swiftshader.dll

    • Size

      4.9MB

    • MD5

      3262e23f3fef8b021b93c801f5649c92

    • SHA1

      de49b94cfc981a0af5a4e134854f69620e7ba566

    • SHA256

      1c9098e8a6f21462864a91e74555f299ebc41d3bc79d6ee1b9c577c929957285

    • SHA512

      54b0b26b95f6fc799b3e24863a65ef3896786811be3cc9fffa2a06e95e98daf32b16f0ede6b8a87acc319ea17650cdd089c56798236476b894054195738e1797

    • SSDEEP

      49152:gF448X7wFiEjApLVO1m6ok46FFQNeoX/lbR7lZI5cWp3PDr70yDIubUQ6ot70FXf:l/X7i+xLLIJmZdT

    Score
    1/10
    • Target

      Wave/vk_swiftshader_icd.json

    • Size

      106B

    • MD5

      8642dd3a87e2de6e991fae08458e302b

    • SHA1

      9c06735c31cec00600fd763a92f8112d085bd12a

    • SHA256

      32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

    • SHA512

      f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

    Score
    3/10
    • Target

      Wave/vulkan-1.dll

    • Size

      924KB

    • MD5

      38d2b059a99f2c4b6f863c18c6f1d25a

    • SHA1

      8b027a7704b795df1f74b994b0dc55ca4e53c479

    • SHA256

      a72bd8d3d24ff0e2c56a2b64c05b324f0b7f56ab486f507a256a9c3fef7bc902

    • SHA512

      4689aae5bf7f81a7d216a570e36322ab61ffb33428316f301be20f1f65111b6eb696b75325b008dff6f963a135148ccc1c600ed1bf71fcc813765918daa14102

    • SSDEEP

      24576:YXd+yURo9zpJSRoOl6Z5W1DYsHq6g3P0zAk7C3:wdwGdrStl6Z5W1DYsHq6g3P0zAk7C

    Score
    1/10
    • Target

      Wave/websocket-sharp.dll

    • Size

      244KB

    • MD5

      7379936cac71973885587a3bc6fbb70b

    • SHA1

      e72fec39314d7eb75f13c1ff0459515d95dd910c

    • SHA256

      fb06ffceb4f8789c893d2f292e5810927dd7266d3bad68df2cedb8775500e8be

    • SHA512

      d9da358bcc134232f6418d49fe98c427ad49fe8a212a2f166fcbf1718d0a8f8b0fa055caec30b267c6e4b1b4d687f08394830e3fadbae812c4b255abdf8c7b7a

    • SSDEEP

      3072:ZLixO6zz8t4OXDegbQy058MP2pZrCmrrDse0ecdfF7b2gqEiyDvSmqtNlVusC519:Sn8nDenoRXoJF3bqEiyzZ5m1FsgU

    Score
    1/10
    • Target

      Wave/workspace/IY_FE.iy

    • Size

      539B

    • MD5

      291d5636a434c4f1ceb0f3f776c2a51f

    • SHA1

      ae287e08f71c522a72812f0dace94b8ffb569341

    • SHA256

      73bb58ba5b81960caf5a8e66675cc89b5761b77db99c6ceb9435f7211d400452

    • SHA512

      7dab8034f85aef1b2b7a86cc8220ebdbb95a3f083d1565e1cff38414367aa69fc597a11aaba11dbef411e13fbfb285855d9c46ae59738f6e88c22dd55c81a743

    Score
    3/10

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution (T1547): 2

  • Registry Run Keys / Startup Folder (T1547.001): 2

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 2

  • Registry Run Keys / Startup Folder (T1547.001): 2

Defense Evasion

  • Virtualization/Sandbox Evasion (T1497): 2

  • Modify Registry (T1112): 3

  • Subvert Trust Controls (T1553): 1

  • Install Root Certificate (T1553.004): 1

Discovery

  • Query Registry (T1012): 12

  • Virtualization/Sandbox Evasion (T1497): 2

  • System Information Discovery (T1082): 21

  • Peripheral Device Discovery (T1120): 1

Command and Control

  • Web Service (T1102): 1

Tasks

static1

themida
Score
7/10

behavioral1

discovery, evasion, persistence, trojan
Score
9/10

behavioral2

evasion, themida, trojan
Score
9/10

behavioral3

Score
8/10

behavioral4

Score
1/10

behavioral5

Score
3/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
3/10

behavioral13

Score
3/10

behavioral14

Score
1/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
1/10

behavioral19

Score
3/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

Score
1/10

behavioral29

Score
3/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
3/10