General

  • Target

    WaveTrial.rar

  • Size

    156.4MB

  • Sample

    240412-z2cxxshf3s

  • MD5

    0159c8632597db4afc30105f24cdd3ea

  • SHA1

    5e80272c6ff0d820cdb0a4f98f7fbf0d558f5957

  • SHA256

    0ff0224edb6a27b5c23adc7fb759864bb3c645f2cf2f38d0a0290c1fa691fdd2

  • SHA512

    587e4dc7ae21036f3aaec3e99955670ef0c457fab23db79b71f0963acc79a1f2eca61b2233b6770672a139b0f8a9ae98ad65bed2431aac476fe7d4e293e666fe

  • SSDEEP

    3145728:GeUQUfKvWr13d8VZDUdp27PkF5oeUahBcPVyMVob2395nOl0tUD:MKuh+DU72TkF5oeVBMX3nnptUD

Targets

    • Target

      WaveTrial/Azure.Core.dll

    • Size

      391KB

    • MD5

      e2a35e588b6fba2072c741c2987511a5

    • SHA1

      94c56bfac87ed8e2e4cd19b16ad207f21abe7b62

    • SHA256

      dfaf0994f7e329274052cc74baf18013a4940103b8374e7d5f2d9779e641bd6a

    • SHA512

      2f0ae1b88d5937d1f7bea5504dcb0193a6a786c4839dcccd1a6de0b9367e97b606407f2a7cdb2786095c59ef49506391c35a55e2099221e45e721ddde8beec4a

    • SSDEEP

      6144:dqeDbIadSkZMpd79+IadLIw16lAat7XbmrWELTYNxUG:vkkZuxQlSDXSrWELTYXUG

    Score
    1/10
    • Target

      WaveTrial/CefSharp.dll

    • Size

      272KB

    • MD5

      715c534060757613f0286e1012e0c34a

    • SHA1

      8bf44c4d87b24589c6f08846173015407170b75d

    • SHA256

      f7ad2bbbeb43f166bbbf986bdb2b08c462603c240c605f1c6a7749c643dff3fe

    • SHA512

      fcaec0c107a8703a8263ce5ccc64c2f5bfc01628756b2319fde21b0842652fbeee04c9f8f6d93f7200412d9bd9fad01494bc902501fb92e7d6b319f8d9db78d7

    • SSDEEP

      3072:y79yn4VZ3fE1clgTTNmMnRGhH7gxNT5AL6GmAj9VB08OKNlUtrz+pyUU2Hu61:m3OKraRAEx7AL1mAjDB08jNlY+pmj6

    Score
    1/10
    • Target

      WaveTrial/Injector.exe

    • Size

      3.4MB

    • MD5

      c6b39ee166d5b0a2c8a9021ccd1593ae

    • SHA1

      e480e7c282f64e8b0179c82afe154dd59d14217d

    • SHA256

      443b665c5f545a2bdd7855f86bf70a5ee7f35eda1b6b08615161f5809cbda02b

    • SHA512

      3864aea36c522ca5658412128e6a4c862a647cf3b1054b9adbe418488590a37600d7639c3eba94ca9de76f087b244b95644c667213b1122889cf2d9b7a4652d2

    • SSDEEP

      49152:Kl0nJ28J4VZohYWVGGjW8NhSU7zwo8oXJ2R3KPHsI7coj2J+eNgRpqNc1a:KmnJrJ4DohYWVTJNkIZZ2R6vsmA+FDqN

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      WaveTrial/Microsoft.Bcl.AsyncInterfaces.dll

    • Size

      26KB

    • MD5

      420547c22653e59d5646cd9021b7bb34

    • SHA1

      8abcaa4d9ab7ba7cbbae55622f16750dae196bda

    • SHA256

      4d16c90604a38c9ff957e87f37d1cb22e1bd6c40418ee040e50c004a292e1b5c

    • SHA512

      6f1f9499ac82015e1f2ebcf6d573f43012bcd31f25563f4b75d5ddb92e0c08e0e9b9979dde1c54a0fc4d625b19efcc780d80906a595a33970158ec6a06c55123

    • SSDEEP

      384:POJWqnwmBbNAsW0VES2j0cX6dAl+NWaVzrdcoq5pWeL/Ww5kHRN78+L49R9zJcRJ:PulwmBhbVv2wK5GdcTu8+L69z6R2W

    Score
    1/10
    • Target

      WaveTrial/Newtonsoft.Json.dll

    • Size

      695KB

    • MD5

      195ffb7167db3219b217c4fd439eedd6

    • SHA1

      1e76e6099570ede620b76ed47cf8d03a936d49f8

    • SHA256

      e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

    • SHA512

      56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

    • SSDEEP

      12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/

    Score
    1/10
    • Target

      WaveTrial/System.Buffers.dll

    • Size

      20KB

    • MD5

      ecdfe8ede869d2ccc6bf99981ea96400

    • SHA1

      2f410a0396bc148ed533ad49b6415fb58dd4d641

    • SHA256

      accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb

    • SHA512

      5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741

    • SSDEEP

      384:/rMdp9yXOfPfAxR5zwWvYW8a2cyHRN7vCvlbLg:/rMcXP6N6e

    Score
    1/10
    • Target

      WaveTrial/System.ClientModel.dll

    • Size

      100KB

    • MD5

      1d3caddc2414a81d093423817e3e26b0

    • SHA1

      2c29b45fd4d1af713b6bb2247348a1ccba1e620e

    • SHA256

      596b33763295e327c2a9937dabc4caf0123472487a1360f00affd6b6d6443dbc

    • SHA512

      78b37676756dfd4cd50605ab4b27b86f661f7824fc00998ad8275b0f269799f5d53284f75a320e64c9c4709a36a24ea5339fcfdf750a7b062335e34b43a16275

    • SSDEEP

      3072:3QxruJou2UDNQBYly1bD6tKJO4xtsjzxv:gubjNQXby

    Score
    1/10
    • Target

      WaveTrial/System.Diagnostics.DiagnosticSource.dll

    • Size

      185KB

    • MD5

      0f995c4af9cae7c4802b7cc124656aab

    • SHA1

      f71cd766f7f7dea088b14c06356d7883e67d4461

    • SHA256

      60e36745c4efe055b99ce4d0ba43de8a757e91dbb3b121aa361eff56ee886586

    • SHA512

      d1f5f24bd19ed4cfe3d7f88a8067481814da2e382a7e5923ed70400ae317d3dc8c019e2ffcee5b96b06f7f355a3ce1f2e73ac3375cc28c15b1f36d25aee75690

    • SSDEEP

      3072:ZtOlDslrRFLK7Oay5BcDRJ8QNY9v55SH9ys7cys563cSf9K00jJ6Tr:2IlrjKs5A7DNYtcbf9K00w

    Score
    1/10
    • Target

      WaveTrial/System.Memory.Data.dll

    • Size

      34KB

    • MD5

      06fabe879bb8060116cc64d1e69bb4c0

    • SHA1

      4acd0c178e9c68eb83b8abe502d2b4ff8adb8eb3

    • SHA256

      2d4488e126cfb64c82e758bb1b47cf4d0ebba095b7a3c48bfd54b1270fa6e8af

    • SHA512

      c05b29e3033e8a9fa61bc313c98f5410b33f1d380cd2e661ae33471376bba84c031b3f5d62542b49c12865618dbb4b441ad95b75e53e87a1dbc31ac50a9b7ebc

    • SSDEEP

      768:W5lbAkjuFu8citngKczJtvmZgorKrB0nxEwR/i6moQ9zZ:W5lbj2dg3vmuv0nxEwxi6mVzZ

    Score
    1/10
    • Target

      WaveTrial/System.Memory.dll

    • Size

      138KB

    • MD5

      f09441a1ee47fb3e6571a3a448e05baf

    • SHA1

      3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde

    • SHA256

      bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f

    • SHA512

      0199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6

    • SSDEEP

      3072:nUGrszKKLB8a9DvrJeeesIf3amN32AW/rcyw/s:OB8l3/aK32qU

    Score
    1/10
    • Target

      WaveTrial/System.Numerics.Vectors.dll

    • Size

      113KB

    • MD5

      aaa2cbf14e06e9d3586d8a4ed455db33

    • SHA1

      3d216458740ad5cb05bc5f7c3491cde44a1e5df0

    • SHA256

      1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183

    • SHA512

      0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8

    • SSDEEP

      1536:nPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/hV+sUwS:nWw0SUUKBM8aOUiiGw7qa9tK/bJS

    Score
    1/10
    • Target

      WaveTrial/System.Runtime.CompilerServices.Unsafe.dll

    • Size

      17KB

    • MD5

      c610e828b54001574d86dd2ed730e392

    • SHA1

      180a7baafbc820a838bbaca434032d9d33cceebe

    • SHA256

      37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf

    • SHA512

      441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396

    • SSDEEP

      384:EybU8ndrbbT9NWB2WL/uPHRN7bhlsQVryo:Ey5ndvWbMPVryo

    Score
    1/10
    • Target

      WaveTrial/System.Text.Encodings.Web.dll

    • Size

      77KB

    • MD5

      f0be46d27a99d3ebbb43e40cf33cc5d6

    • SHA1

      a7ca13217dc73edd5a2e61b15ecc0808a5ad9a41

    • SHA256

      fcb2fa73241d2d7a60750ae30ccbf01ead4f5e0641175aa7663fafb123449c8f

    • SHA512

      0320a2f8f8da77f983d19b1e4d85db119b6e1243578d4e56bb54bd2fb3689683e79f38276aa59b07ac77388c1563da540b1673f3c95fc351df0fbc3c9d370d2b

    • SSDEEP

      1536:bOOUDOOOckuA97IzsxoG4GNLsxaD7lZyFCJaowL8o7ydizpz5:pu67fxo8oafDgCJaom8Hspl

    Score
    1/10
    • Target

      WaveTrial/System.Text.Json.dll

    • Size

      636KB

    • MD5

      891a11d56a1289ee8ab1acaeb9151df4

    • SHA1

      fa4907084eadae89397c54bd3e8906005c966ca4

    • SHA256

      8ffaedcd3a9bd79ca17127367f2edfacc13f973787dd989aa9ebe3a26fc0f57a

    • SHA512

      0604478da15b3297f75807c6f4bfb69b8f7bc5c751be0fe0de3169979b58b05950eec2a5107623a6621aa672c91e75182174206ebab1081b79d00ca3e533c3ce

    • SSDEEP

      12288:5DumIdsID9gMFYc2GWMymuxGmmqWm3VT0E2Gsv:5Duh9xgMjYO

    Score
    1/10
    • Target

      WaveTrial/System.Threading.Tasks.Extensions.dll

    • Size

      25KB

    • MD5

      e1e9d7d46e5cd9525c5927dc98d9ecc7

    • SHA1

      2242627282f9e07e37b274ea36fac2d3cd9c9110

    • SHA256

      4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6

    • SHA512

      da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11

    • SSDEEP

      384:1R973o62/KqcAnb05J3w0I5eUGef8s72XBWdvVW2JW8aJcyHRN7WEimpplex:1RZ4nNxnYTb6Blha

    Score
    1/10
    • Target

      WaveTrial/System.ValueTuple.dll

    • Size

      24KB

    • MD5

      23ee4302e85013a1eb4324c414d561d5

    • SHA1

      d1664731719e85aad7a2273685d77feb0204ec98

    • SHA256

      e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4

    • SHA512

      6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32

    • SSDEEP

      384:VyPa16oAL4D+wW9IWmDIW4IWYDMFm0GftpBjMIraQHRN7VlmTpF0:VWs6oqDjADKeDYViG+LN

    Score
    1/10

Tasks

static1

themida
Score
7/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

evasion themida trojan
Score
9/10

behavioral6

evasion themida trojan
Score
9/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10