General
Target: Wave.exe
Size: 4.1MB
Sample: 240511-lfzynsbb3w
MD5: c2ce7247b063fb5f3e136e82b444a297
SHA1: a38c3b7e4f66cecda9adc17350422f845aecfad8
SHA256: 0c7ae7e72467ca3a226ee0d4a395ed8ac4f88c7e494baa13fdceb56ea2886ee3
SHA512: b2f587a43fb4c05c5c8ce90af1dda68f9048a8344ef10de69928e5df0fe498c691af5bf0de9f66fa5c068f0523eb7c331bdf2825cc662ef2b4beb54a639cd93a
SSDEEP: 98304:JiSS8sEUwvpuDO0+4dUkAuNRW2s0QZE6B0HkWymCTxVpN8RVfo463RA:JU8sE9xfRkVTWT0oFaEBTTxPAVg4
Static task: static1
Behavioral task: behavioral1
  Sample: Wave.exe
  Resource: win10v2004-20240508-en
Malware Config
Targets
Wave.exe (4.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 8/10

Signatures
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
MITRE ATT&CK Matrix (ATT&CK v13)

Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)

Defense Evasion
  Modify Registry (2)
  Subvert Trust Controls (1)
    Install Root Certificate (1)
  Hide Artifacts (1)
    Hidden Files and Directories (1)