General

  • Target

    WaveTrial.rar

  • Size

    156.4MB

  • Sample

    240409-d92elade35

  • MD5

    0159c8632597db4afc30105f24cdd3ea

  • SHA1

    5e80272c6ff0d820cdb0a4f98f7fbf0d558f5957

  • SHA256

    0ff0224edb6a27b5c23adc7fb759864bb3c645f2cf2f38d0a0290c1fa691fdd2

  • SHA512

    587e4dc7ae21036f3aaec3e99955670ef0c457fab23db79b71f0963acc79a1f2eca61b2233b6770672a139b0f8a9ae98ad65bed2431aac476fe7d4e293e666fe

  • SSDEEP

    3145728:GeUQUfKvWr13d8VZDUdp27PkF5oeUahBcPVyMVob2395nOl0tUD:MKuh+DU72TkF5oeVBMX3nnptUD

Malware Config

Targets

    • Target

      WaveTrial/CefSharp.BrowserSubprocess.exe

    • Size

      6KB

    • MD5

      bcd22b9511d5383e23d875e2cf3c339e

    • SHA1

      0ef86afaef536cc4b046ea2866414bb193d60702

    • SHA256

      95dd31f11ac1317559b6eee0479739930d503a4938283f5d831ac8add92ad792

    • SHA512

      c4e6821858720895c0bfae797097e3307bb7ea8f03dde4fefc16cce03b2a50fecfe8ed5c3225136fcd9d74ee0ed8673f795b410cd14890d22df58c1f03b693c6

    • SSDEEP

      96:v6ZxBI7kNmQBDvJGSkX6eFZJetmAhNt61OYcXe5U:UBIimQB9eX6eFZgsAYcXeS

    Score
    1/10
    • Target

      WaveTrial/Injector.exe

    • Size

      3.4MB

    • MD5

      c6b39ee166d5b0a2c8a9021ccd1593ae

    • SHA1

      e480e7c282f64e8b0179c82afe154dd59d14217d

    • SHA256

      443b665c5f545a2bdd7855f86bf70a5ee7f35eda1b6b08615161f5809cbda02b

    • SHA512

      3864aea36c522ca5658412128e6a4c862a647cf3b1054b9adbe418488590a37600d7639c3eba94ca9de76f087b244b95644c667213b1122889cf2d9b7a4652d2

    • SSDEEP

      49152:Kl0nJ28J4VZohYWVGGjW8NhSU7zwo8oXJ2R3KPHsI7coj2J+eNgRpqNc1a:KmnJrJ4DohYWVTJNkIZZ2R6vsmA+FDqN

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      WaveTrial/Wave.exe

    • Size

      7.0MB

    • MD5

      a8bd4a6b2f1d00928e61870a5688c13d

    • SHA1

      e17646d5279534f2e3eb0e0cfc8b6c536bc0c095

    • SHA256

      2c51f67e236cf95e2d51df4178699da09869ab077924cff0b3df1c512878ef2f

    • SHA512

      6b5175beea4071668c87b16af3177bbb2cbaff6b28909dc1e09ad5b16b449c62d6adc372a0094de627fe9835f0c474d16708c3f698355ba1664bf321fa19f5fb

    • SSDEEP

      98304:37//YITF8r2n8TevxbFKVlXk34tZ+t4+aNG5Lhd+2G4Op0cN+hmdYkvsFLL:37//1xBVqvG5dQ2m0cN+hmdYkvsFLL

    Score
    1/10
    • Target

      WaveTrial/dist/shared/bin/wave-luau.exe

    • Size

      3.4MB

    • MD5

      12fd29fcaf6f6518b8bf9e976928fa38

    • SHA1

      1f9352e217518eaceefdd041e3f085ffbb93acb0

    • SHA256

      d38d6297b4653f30397b7f45964ed99a70c8ab73d60063f68d3380c309e626a4

    • SHA512

      b0c5bfb87639585564915f284ecff5af7e6664097ea3d9df6908c08ce09f9f6c31912225620bb7f7cf818efd6a7146280ce37e10ca7fb55bd381b95bb8a2189b

    • SSDEEP

      49152:EIo5oIIIVWVNNNNNPpXqyJh0jtX6YNimufCiZ8ylLyfMAXyDiw1P6bNi/xeLZQpV:2hugpuTcdyPs+GJH/

    Score
    1/10
    • Target

      WaveTrial/dist/shared/wave-luau.exe

    • Size

      3.4MB

    • MD5

      ea9177735cde86b5acbd149795c2c28d

    • SHA1

      83eeb9a45fdedb0ba08bf18854a0cb7a33e8cfaf

    • SHA256

      3e435ffccc94d3bc915476654179430585517fa94b16fdf040b7de96ac30fdd8

    • SHA512

      5227dcef88a72837d60faa73505c6700b7e07416eb4d178cbfb8f60564860ed897127a9ae20e1980ce9f2782dd467d977cc76c40e4aa7161f3defe95899379c7

    • SSDEEP

      49152:IIo5oIIIpXiWyNNNNNO6kcWrVB1tcerNq+RWCifk8S3L9BO+uSUOXY9Z17N29UvB:+wQiUREezI9gfT

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks