General

  • Target

    Wave.zip

  • Size

    16.1MB

  • Sample

    240428-nggjtsee63

  • MD5

    028a988dc2bab37a145e9764a5fc0a71

  • SHA1

    ea620d659ebbd1d167b65572bd04438a755ca1f7

  • SHA256

    19bc526f55bf05607215a4c4e0d9fe7d8f5a6094fc10c6089a13c296a5396338

  • SHA512

    3f2097965a8343bcd2c75584fbc178bb7b4335956904515a66f1dbf8932372e82e5e62c05d697a870ef16f388abd6a4041ecd05a4ee42e157e4638c3d7d9bb15

  • SSDEEP

    393216:gh9SCD5WyGh2Jp5MLurEUWj77azE5PKk9buK+AdcI:K9fTGhpdbXazbkEK+AqI

Malware Config

Targets

    • Target

      Wave.zip

    • Size

      16.1MB

    • MD5

      028a988dc2bab37a145e9764a5fc0a71

    • SHA1

      ea620d659ebbd1d167b65572bd04438a755ca1f7

    • SHA256

      19bc526f55bf05607215a4c4e0d9fe7d8f5a6094fc10c6089a13c296a5396338

    • SHA512

      3f2097965a8343bcd2c75584fbc178bb7b4335956904515a66f1dbf8932372e82e5e62c05d697a870ef16f388abd6a4041ecd05a4ee42e157e4638c3d7d9bb15

    • SSDEEP

      393216:gh9SCD5WyGh2Jp5MLurEUWj77azE5PKk9buK+AdcI:K9fTGhpdbXazbkEK+AqI

    • Score

      1/10

    • Target

      Wave/Wave Executor.exe

    • Size

      15.7MB

    • MD5

      10395831ba241418eac88e155afedbc1

    • SHA1

      cb08972a009f9693b3c0f35cd3ca6a22741a6804

    • SHA256

      e037476056749ba2dd199764fffb70bf8b08ad6de605741e2086b54791173434

    • SHA512

      ebb61cfdd44e0cf06f64af9f78ad310328756641e48697d0d99b5c4c6ed988f26c084330f01f595dc5ce7099d668005c52e108974be97a4dbcb0b48fc3fe62c2

    • SSDEEP

      393216:Vh9SCD5WyGh2Jp5MLurEUWj77azE5PKk9buK+:X9fTGhpdbXazbkEK+

    • Score

      7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      ModMenu.pyc

    • Size

      69KB

    • MD5

      988ceb8a783eb4f016cbf943cc7d3830

    • SHA1

      c63ae7482781c6aaf32823f0b821734a7d37b0b5

    • SHA256

      4573bd634fccabef114f645c8f554fbdb9bb16eb25e267d8bdea3c3dbfacac3d

    • SHA512

      2ba4e7d5b2128a354c5c674afa578b015ff905f9ad5f84ad4ce8cc3bf97ac7b805a5651ba5c219384a83ca3553005b4e049305cd166fae39f6c9c4b972230715

    • SSDEEP

      768:f4KAIw3pYBdbM8v9YTNqvELkdI+2p3BXTxGVru1E7eNs0u9iAnjCenr+2z9n:f4j3pyd1cdxZs0u9vmor5

    • Score

      3/10

    • Target

      Wave/anti afk.txt

    • Size

      1KB

    • MD5

      2f74a4807dd259a1df04eec52d7ec3ce

    • SHA1

      e3f42dc3064900e3fd6306a6f8c9523696ae0bd3

    • SHA256

      c423fbded6caef3ecbdcaf2e32df2d0720caef0709fc97f721fd06037c25f6e4

    • SHA512

      78d387a4b1887444e5b3d5f30694e53ee76916b8dd6a0ddd0363b352d2399786d080df245e0fc104e62ef052991983d4da4b43aa434c734830ce2c345eee9e82

    • Score

      1/10

    • Target

      Wave/blox fruit farm.txt

    • Size

      955B

    • MD5

      606450e0ebe7ab9340d529af8a5f3950

    • SHA1

      097aefd170af7bfa77b2c43a273e6c45cc47c432

    • SHA256

      f0a68a879cbeabc8e7c0d0b6b1fd06ee22e4efdd060c8953119c3818c5ff8564

    • SHA512

      7af133f09a16e2438509f48264782f166e620b57d63e7ba55304a59df1e73ba38e882577e0a79ed4a4d76ce7c77acd21ab469169ac14d496c43f9820318821cb

    • Score

      1/10

    • Target

      Wave/yeld.txt.WNCRY

    • Size

      453KB

    • MD5

      35c185a6a2c441986f7078c28e7e1f14

    • SHA1

      8e5690097b279e78a0c3689adcff8ec68b510c81

    • SHA256

      335ea3172f1fc7bf4591e060a7889887f960dbfa452d79385abc91978fda31b3

    • SHA512

      c92f3fc5a45e727da66070ee113692de3a374b01bd17d0287baf69fabf6eabe6aa51078f030f05a339940591344992d1d070a2457a1a1b1d69bdf94e73499d00

    • SSDEEP

      12288:xxl0F9yhU0bQGCoKM5lokgQuBuj3okIjE6p3vDBSdQOMJ4:tL55KM52wuBuckCvdvDBSdQU

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks