General

  • Target

    WaveBootStrapper.exe

  • Size

    7.8MB

  • Sample

    240628-t7bddszcnm

  • MD5

    e1b8533c57eee9e2d3846964f83c8bc3

  • SHA1

    29ffa461de31965b8a49804d99861127ead36b3b

  • SHA256

    1919321964812c33ac97b91a91e579f49412e3cc64116131b4dbcc1fa6c7d12d

  • SHA512

    d859dab2c4f2c3dcec3bb9ed302571670cca437734fd426b2a4ae4e89539caf84c23f1ce118cf01995f769589132f9d55f9b6db0db704bb7189db0d8c0b1ab61

  • SSDEEP

    196608:GB0+ueNTfm/pf+xk4dlX/O2dRatrbWOjgKs:gxy/pWu4DNdRatrbvMKs

Malware Config

Targets

    • Target

      WaveBootStrapper.exe

    • Size

      7.8MB

    • MD5

      e1b8533c57eee9e2d3846964f83c8bc3

    • SHA1

      29ffa461de31965b8a49804d99861127ead36b3b

    • SHA256

      1919321964812c33ac97b91a91e579f49412e3cc64116131b4dbcc1fa6c7d12d

    • SHA512

      d859dab2c4f2c3dcec3bb9ed302571670cca437734fd426b2a4ae4e89539caf84c23f1ce118cf01995f769589132f9d55f9b6db0db704bb7189db0d8c0b1ab61

    • SSDEEP

      196608:GB0+ueNTfm/pf+xk4dlX/O2dRatrbWOjgKs:gxy/pWu4DNdRatrbvMKs

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15

Tasks