Resubmissions

28-06-2024 18:44

240628-xdg6mayepg 10

28-06-2024 16:46

240628-t9xz6szdkq 10

General

  • Target

    WaveBootStrapper.exe

  • Size

    7.8MB

  • Sample

    240628-xdg6mayepg

  • MD5

    2de6f50a10d6d85db5488288438376a3

  • SHA1

    6845679c5cf0da42d3a1414d36481c3016baa220

  • SHA256

    40c74f4df446574ce79fe88a8651991447dc8c4a72a5ff3b496f082c5b8e1b09

  • SHA512

    270c6e4febbda33f35b58b82ceadf23c62810e4512c5181e40e77c7d0318795f4f10dbf120f9e1cd378fc2ceebf36e23cfb53be1ba5a5987862d71e896a90473

  • SSDEEP

    196608:EF0+M3eNTfm/pf+xk4dlX/O2dRatrbWOjgK6:4Ry/pWu4DNdRatrbvMK6

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs a command via powershell.exe.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15

Tasks