0ff0224edb6a27b5c23adc7fb759864bb3c645f2cf2f38d0a0290c1fa691fdd2 | Triage

Sharing

General

Target

WaveTrial.rar
Size

156.4MB
Sample

240427-tr2kmsch46
MD5

0159c8632597db4afc30105f24cdd3ea
SHA1

5e80272c6ff0d820cdb0a4f98f7fbf0d558f5957
SHA256

0ff0224edb6a27b5c23adc7fb759864bb3c645f2cf2f38d0a0290c1fa691fdd2
SHA512

587e4dc7ae21036f3aaec3e99955670ef0c457fab23db79b71f0963acc79a1f2eca61b2233b6770672a139b0f8a9ae98ad65bed2431aac476fe7d4e293e666fe
SSDEEP

3145728:GeUQUfKvWr13d8VZDUdp27PkF5oeUahBcPVyMVob2395nOl0tUD:MKuh+DU72TkF5oeVBMX3nnptUD

Score

9^/10

evasion themida trojan

Malware Config

Targets

- Target
  
  WaveTrial/Injector.exe
- Size
  
  3.4MB
- MD5
  
  c6b39ee166d5b0a2c8a9021ccd1593ae
- SHA1
  
  e480e7c282f64e8b0179c82afe154dd59d14217d
- SHA256
  
  443b665c5f545a2bdd7855f86bf70a5ee7f35eda1b6b08615161f5809cbda02b
- SHA512
  
  3864aea36c522ca5658412128e6a4c862a647cf3b1054b9adbe418488590a37600d7639c3eba94ca9de76f087b244b95644c667213b1122889cf2d9b7a4652d2
- SSDEEP
  
  49152:Kl0nJ28J4VZohYWVGGjW8NhSU7zwo8oXJ2R3KPHsI7coj2J+eNgRpqNc1a:KmnJrJ4DohYWVTJNkIZZ2R6vsmA+FDqN
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  WaveTrial/Wave.dll
- Size
  
  15.6MB
- MD5
  
  b7660cbe69220a479611763e49cd50e1
- SHA1
  
  2a89b9e56190204f7a776b6612d89baadaef911c
- SHA256
  
  0c0c9b140ac34f43a7252ec81007024bcad1d5d526762e518513ec20ff0e3a2a
- SHA512
  
  6b5aad55413600e57a7313779aed5868da49b6502bc2543eb675d582d0ba3ed0d1a153a7fdff04353c5019ee115c1ce01748548c24b679882be1f885be31b7ed
- SSDEEP
  
  196608:d7sdHFJiem2Ijbtm+4dqFgva0HLmhBpRK5vtWAL4Lq22+oWlsHawFM+OuKsgAyhP:WViXbtm+Kvv4Rivtz+oWXuKseRP8
Score

8^/10
- Blocklisted process makes network request
behavioral3 behavioral4
- Target
  
  WaveTrial/Wave.exe
- Size
  
  7.0MB
- MD5
  
  a8bd4a6b2f1d00928e61870a5688c13d
- SHA1
  
  e17646d5279534f2e3eb0e0cfc8b6c536bc0c095
- SHA256
  
  2c51f67e236cf95e2d51df4178699da09869ab077924cff0b3df1c512878ef2f
- SHA512
  
  6b5175beea4071668c87b16af3177bbb2cbaff6b28909dc1e09ad5b16b449c62d6adc372a0094de627fe9835f0c474d16708c3f698355ba1664bf321fa19f5fb
- SSDEEP
  
  98304:37//YITF8r2n8TevxbFKVlXk34tZ+t4+aNG5Lhd+2G4Op0cN+hmdYkvsFLL:37//1xBVqvG5dQ2m0cN+hmdYkvsFLL
Score

1^/10
behavioral5 behavioral6
- Target
  
  WaveTrial/Wave.exe.config
- Size
  
  4KB
- MD5
  
  ae882f91fe4dc052fabd06774b2d30aa
- SHA1
  
  92cbe5c66373ea3682116fab8068534920d281d7
- SHA256
  
  50bd62b7fa97cb9564c4b418034138f30af993f84988b085e2b16d39aa74d79f
- SHA512
  
  3fe7174259817beae8101e2ab7be068b9030bccff00a1f5aee13cfab3585037fdb1f9b470feea212351f85ec96f31da63289e4574d69e4ef413fce3fda3c6c78
- SSDEEP
  
  96:wrwvxwDbDPwxOuzhrifBUXAUFUkUYUvUAc:wrw2DIxOEriJXejNGbc
Score

3^/10
behavioral7 behavioral8
- Target
  
  WaveTrial/chrome_100_percent.pak
- Size
  
  682KB
- MD5
  
  d3e06f624bf92e9d8aecb16da9731c52
- SHA1
  
  565bdcbfcbfcd206561080c2000d93470417d142
- SHA256
  
  4ee67f0b0b9ad2898e0d70ddfad3541fbd37520686f9e827a845d1930a590362
- SHA512
  
  497126af59961054155fbb8c3789d6278a1f5426000342f25f54115429ff024e629783f50f0c5350500007854712b07f7d8174ecfe60d59c4fdd5f3d72dac262
- SSDEEP
  
  12288:jI3H1fJxjzgsz5B0GDJQrnKs8SNP+QSsSilRBiNz40D+cIXm4pEqoO0TehErw5:83VBx7zEEmPLSOiNz40KcUjpEqoO0TOR
Score

3^/10
behavioral10 behavioral9
- Target
  
  WaveTrial/chrome_200_percent.pak
- Size
  
  1.1MB
- MD5
  
  34572fb491298ed95ad592351fb1f172
- SHA1
  
  4590080451f11ff4796d0774de3ff638410abdba
- SHA256
  
  c4363d6ecfa5770b021ce72cc7d2ab9be56b0ce88075ec051ad1de99b736dbbd
- SHA512
  
  e0e7deccb26b7df78d6193750bfb9aad575b807424a0a5d124bd944e568c1bb1ae29f584246f753d619081a48d2897815145028ffedd9488e9a8f102cdc67e2f
- SSDEEP
  
  24576:w3zB69p5zLmmibkFR8+mZR9hQumegvQtSP0KAwvdbbaV26edhOLoeu5:w3E53mNbkFRJmH9hQRhQsP0KVvdK2jrZ
Score

3^/10
behavioral11 behavioral12
- Target
  
  WaveTrial/data/settings.json
- Size
  
  302B
- MD5
  
  801b80146dc98d71f1e858ecb80a0ffb
- SHA1
  
  e81e181133354fd8c83a58230e71887dbe406219
- SHA256
  
  6aca09ff0ab2488bd827b04d268f0be01427c4bd42b8e457bf1b67b2d968b388
- SHA512
  
  72dbeea7f9200824e91d08d859b758a897803bc0d8aabf00e8de43bb743c38c2fff30a59402c0a905e5cff6a9a9d4da339b3280a1405770e2757beaf0e716f0c
Score

3^/10
behavioral13 behavioral14
- Target
  
  WaveTrial/debug.log
- Size
  
  1021KB
- MD5
  
  cfc5b080feb698e7772a1e68b833f88e
- SHA1
  
  4487c1fd0b419bafcf4662641a3eec11cf8dc765
- SHA256
  
  45a5471b2b7155f39c51bb8ee1d509e60fd550bad8eda237b7c0a076ec8fdcfb
- SHA512
  
  81d531aaee541b4ba4e1910f2595e7373ddf180714a1799233bd1fea95d6fbf405b09dece8fd3bc33e0cd42c0d71bb561ab6678bfa564695472a01045d143450
- SSDEEP
  
  1536:gzGRtpqL9IfzBb5nZsIjhGhrLuc/o4njv74tlr/iQsxUfbExLYbTEB7SVJOFQh18:1sIjhy
Score

1^/10
behavioral15 behavioral16
- Target
  
  WaveTrial/dist/client/assets/codicon-71cccbf1.ttf
- Size
  
  70KB
- MD5
  
  d28098974f2b7d57f46d1672a3ccd985
- SHA1
  
  1f9133d3abe06abd2f7af6209de11474b509e8a0
- SHA256
  
  71cccbf15f547a7392f5f2e0ae0c42d5b64cb29ba690eb346b3cb2aa5e4a19e7
- SHA512
  
  2359476de4fc85a88e39c665112d49d7b54a50d8b5878b894f5a69cec468be144c333d275de0dc515fd89dd62a811633d2060387df142e24a1709d5786ca0164
- SSDEEP
  
  1536:bEKV6Ub+RL0IIeln//sxUSbulvAjjXYKFwzSfk0vZZbM:YvUb+RAHa/ExUsRXbazSfkuM
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18