General

  • Target: WaveInstaller (1).exe
  • Size: 24.4MB
  • Sample: 240708-fzlbqsthjr
  • MD5: c71e5e3ffc14bfcc662b7174574ee6fb
  • SHA1: 257791af315bc66d53dd7dd0860fabadb1d0bf7b
  • SHA256: d80b8d6531a1bb621db835a2b19125cc2e574196f4fd701285e569ba6ed2b4bc
  • SHA512: 9dc8e20140417260dd1a0c3a72c9a976e6e52c704b59c0c195db37cd1ced0a5ab69f20f6b517159bbb19921f4877e4b4a30b0a452b999b8f97260f046d492b4c
  • SSDEEP: 786432:Jw6e5WgUbaDCR4NUtiV+biRW3Puu/BRDfMpb:Jw6/pNGVxUPz/B5sb

Malware Config

Targets

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15

Tasks