Overview
overview
10Static
static
10WaveLite.exe
windows10-1703-x64
9WaveLite.exe
windows10-2004-x64
9WaveLite.exe
windows11-21h2-x64
9discord_to...er.pyc
windows10-1703-x64
3discord_to...er.pyc
windows10-2004-x64
3discord_to...er.pyc
windows11-21h2-x64
3get_cookies.pyc
windows10-1703-x64
3get_cookies.pyc
windows10-2004-x64
3get_cookies.pyc
windows11-21h2-x64
3misc.pyc
windows10-1703-x64
3misc.pyc
windows10-2004-x64
3misc.pyc
windows11-21h2-x64
3passwords_grabber.pyc
windows10-1703-x64
3passwords_grabber.pyc
windows10-2004-x64
3passwords_grabber.pyc
windows11-21h2-x64
3source_prepared.pyc
windows10-1703-x64
3source_prepared.pyc
windows10-2004-x64
3source_prepared.pyc
windows11-21h2-x64
3General
-
Target
WaveLite.exe
-
Size
77.7MB
-
Sample
240726-13c5ra1drb
-
MD5
62a1f44c91391189bb181a2738004cef
-
SHA1
c7f1d5a0ef7220c96bd5bbc9ffde0b8acb09ade1
-
SHA256
789c30a1ff236d6245eb001bc1ca69468c094eba007eeac13315bf6dc615fa10
-
SHA512
548a418bb48476cda8939f53a21e822edc823f07bde404b4a24cb80fd1e1efa372ccd73497462a505ad4d6cc0364898785ed6adc272049c7c522227d4646ca86
-
SSDEEP
1572864:OvHcRlqNh7vXSk8IpG7V+VPhqWdfME7FFlHFziYweyJulZUdgAdW43j5uxa/Z9UK:OvHcRohTSkB05awqfhdCpukdRzMs9U
Behavioral task
behavioral1
Sample
WaveLite.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
WaveLite.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
WaveLite.exe
Resource
win11-20240709-en
Behavioral task
behavioral4
Sample
discord_token_grabber.pyc
Resource
win10-20240404-en
Behavioral task
behavioral5
Sample
discord_token_grabber.pyc
Resource
win10v2004-20240709-en
Behavioral task
behavioral6
Sample
discord_token_grabber.pyc
Resource
win11-20240709-en
Behavioral task
behavioral7
Sample
get_cookies.pyc
Resource
win10-20240404-en
Behavioral task
behavioral8
Sample
get_cookies.pyc
Resource
win10v2004-20240709-en
Behavioral task
behavioral9
Sample
get_cookies.pyc
Resource
win11-20240709-en
Behavioral task
behavioral10
Sample
misc.pyc
Resource
win10-20240404-en
Behavioral task
behavioral11
Sample
misc.pyc
Resource
win10v2004-20240709-en
Behavioral task
behavioral12
Sample
misc.pyc
Resource
win11-20240709-en
Behavioral task
behavioral13
Sample
passwords_grabber.pyc
Resource
win10-20240611-en
Behavioral task
behavioral14
Sample
passwords_grabber.pyc
Resource
win10v2004-20240709-en
Behavioral task
behavioral15
Sample
passwords_grabber.pyc
Resource
win11-20240709-en
Behavioral task
behavioral16
Sample
source_prepared.pyc
Resource
win10-20240611-en
Behavioral task
behavioral17
Sample
source_prepared.pyc
Resource
win10v2004-20240709-en
Behavioral task
behavioral18
Sample
source_prepared.pyc
Resource
win11-20240709-en
Malware Config
Targets
-
-
Target
WaveLite.exe
-
Size
77.7MB
-
MD5
62a1f44c91391189bb181a2738004cef
-
SHA1
c7f1d5a0ef7220c96bd5bbc9ffde0b8acb09ade1
-
SHA256
789c30a1ff236d6245eb001bc1ca69468c094eba007eeac13315bf6dc615fa10
-
SHA512
548a418bb48476cda8939f53a21e822edc823f07bde404b4a24cb80fd1e1efa372ccd73497462a505ad4d6cc0364898785ed6adc272049c7c522227d4646ca86
-
SSDEEP
1572864:OvHcRlqNh7vXSk8IpG7V+VPhqWdfME7FFlHFziYweyJulZUdgAdW43j5uxa/Z9UK:OvHcRohTSkB05awqfhdCpukdRzMs9U
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
discord_token_grabber.pyc
-
Size
15KB
-
MD5
990bb1210323b8968b180576cf8114d6
-
SHA1
a4e11d7cdeb37fb32d768085263ff9fd4e51ac0b
-
SHA256
b4a60b0e4f82707a8c5fb7f3fc0cc78576c7b45217617185ab34a90e2e052208
-
SHA512
43d1e9db58d160b15d6daf5677f2f63ed8f3fa494a886bf07d229829ffc84af17f9c81f61bdbf23dfa54a1bebafa7e562f805848b64de08bc8cf83fe98a2188a
-
SSDEEP
384:YGC7RYmnXavkxzG7WltcrhntQ5saa2h12VA:YGCuvk8WltcrttQ5saaCsVA
Score3/10 -
-
-
Target
get_cookies.pyc
-
Size
9KB
-
MD5
9bdb8627dc166823e7d60603575b689a
-
SHA1
de56b5f8b3e891ad07760544132bd357f1e62368
-
SHA256
1078edad1660d103c2135793ea9707e4ef7877fb4be7b87c0e538ed84920212c
-
SHA512
789d21f744eff44456585fd27cd88a67e26b55ed1a043aa76a4b5e63f7dfad99013ca09b15fabecd041f8d35f8d22502c08efd0bb11d26ca083f02a64eae6d3a
-
SSDEEP
192:kNal3eiNis9QfUFoxJvm79F211G67+PtAhN:kJiB2lrj7jKlAhN
Score3/10 -
-
-
Target
misc.pyc
-
Size
4KB
-
MD5
204ee497021e32209ddde0c015b4dc19
-
SHA1
6aa2c039e6b6fbfb3620d4fe42d115553702146b
-
SHA256
a8355eef70645468d11a410d1402e0cab31a194e87172b523b1ff3dea5dbb0c2
-
SHA512
961b15c0efe0478fdf9287e7b3b709233bcd9524be708f426b75dc91eb07ddfc2a2ce4f347d52a3e7402f5307ab755af093d660662fd3c4c465fd41e8d138d12
-
SSDEEP
96:ySMlhlv6KPDweHPF8+VB7sHIZGhIW0vmyyZ1k93hub:LolvJ0evq+VBXZGh4vmV1kFhub
Score3/10 -
-
-
Target
passwords_grabber.pyc
-
Size
7KB
-
MD5
bbb6ab7b8230cca0ac46532a612143d0
-
SHA1
4bf5ebb19c5807cfb4b48191ec65b329d67763cd
-
SHA256
8655f8885fa28c9633563e0264e65206eae277fb020f85a836be27f0fc3d7ec4
-
SHA512
21353818de5a2e192bcdb38e0765b675258ae733eb634c1b01fbf53dc22946b0eee127c975be7a63d20a8db2b87521fe0ed85f2ec09dcc2f3adf5a7fea0b180e
-
SSDEEP
192:h114qWLfhuUIxzOK2cxDJb+XUhetovxEPz:V4qWLfMtzVxDAEW7
Score3/10 -
-
-
Target
source_prepared.pyc
-
Size
173KB
-
MD5
5f3908e69da1ef86d8120e090596ee7f
-
SHA1
05149b58e671599ef8eb77dfd719649be5bca1c5
-
SHA256
b88b946ca64aa8d4fa37eac7050225d0a1881f2dc709f6ade19a4dc41dfc4592
-
SHA512
15a8bc9c64d01bdeaccbf85bb2db601ebc8c7d1ab48195f61aac991e1a5fa02878c6d18546c7e9e7f5f7dd47c7e067b844170bf333a3ed306d080e1d70a4d59f
-
SSDEEP
3072:+rohk0aOO22A1VSUkosPZTJ0pZyScWaQV+AcwIvdXzusTWu:+rkk0aOO22ApkoHpL9EA9sP
Score3/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Virtualization/Sandbox Evasion
1