d222ec6dd3957a8fdec2dd14a3718ba2c9acae96e3476aced7d754bc19ecb03f | Triage

Sharing

General

Target

Wave.exe
Size

6.6MB
Sample

240620-vb7bmaxflh
MD5

0da2b181981239146eb1d216029207e8
SHA1

0bbc5a73f385be44301157b27a3674591ff03d09
SHA256

d222ec6dd3957a8fdec2dd14a3718ba2c9acae96e3476aced7d754bc19ecb03f
SHA512

6b5e29a0c90d46caa442fa92a56370c7ec19f22a7f64b498e5b87e97958eb802694f191248a9265d2c457e9df2ca5a1a7dcafcc7249ba7800234895b3e911b4b
SSDEEP

98304:rsOBVM2qwlj5awdv56s1Qr3iP4dtVOFyBwKQqHJTIXviT5AIWNZeJJPl4yNSYGl2:r5j5ao5pQrS8qFnKQ62qCIVPlDNF

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  Wave.exe
- Size
  
  6.6MB
- MD5
  
  0da2b181981239146eb1d216029207e8
- SHA1
  
  0bbc5a73f385be44301157b27a3674591ff03d09
- SHA256
  
  d222ec6dd3957a8fdec2dd14a3718ba2c9acae96e3476aced7d754bc19ecb03f
- SHA512
  
  6b5e29a0c90d46caa442fa92a56370c7ec19f22a7f64b498e5b87e97958eb802694f191248a9265d2c457e9df2ca5a1a7dcafcc7249ba7800234895b3e911b4b
- SSDEEP
  
  98304:rsOBVM2qwlj5awdv56s1Qr3iP4dtVOFyBwKQqHJTIXviT5AIWNZeJJPl4yNSYGl2:r5j5ao5pQrS8qFnKQ62qCIVPlDNF
Score

8^/10

spyware stealer
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1