General

  • Target

    Wave.rar

  • Size

    157.0MB

  • Sample

    240409-c5p1bsff2t

  • MD5

    6e2e65438919ca25acc9a35c17260bbd

  • SHA1

    dbecdb58b4141b96fd0866e36b8c8e3c9a4df758

  • SHA256

    1ca93fdcc11135777684369edc2bb27d287ffa05d09533c69107e88c153d96c2

  • SHA512

    89d67b1df8199a0dd91a008cf2b338e22dc843c05b4d4e46360aa09eeb160a9c13bef11eab652e5c0fe97967e910579673eff81862a0590560cdc85fbc9aac8d

  • SSDEEP

    3145728:04FILwoAcr1Nu8WhoUdp27PkF5oeUahBcPVyMVob2f9/nvF2ILW:9oHhioU72TkF5oeVBMXfhnZLW

Targets

    • Target

      Wave.rar

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
