General

  • Target

    wave+crackedd.rar

  • Size

    26.0MB

  • Sample

    240726-f3nw2aydrp

  • MD5

    46caaceaa1791a1e8f2db95a0a04ba97

  • SHA1

    fe0c0b1c97fccd3dbd1db8e3245c145ef2148d1a

  • SHA256

    97da67301ca1d0da4a80aec314289a9d3d6771e234e208f02528f2fe6368d0fc

  • SHA512

    46e853e1a562a8584b9092efd88587d247d526f4e47eeee44f0487d6e0bdf3c846d7131a8b343f2cd9f5e5364e1e4142edeb90961fa3c3af1293b4c8cb0a6a15

  • SSDEEP

    786432:2BBuKL2vZ5KBwVTQzkx1+q33h3FB9GzpIB5Zr6:iBuKL2AYTQzE/3b1h6

Targets

    • Target

      wave crack/erwerfwe/wave-server.exe

    • Size

      8.8MB

    • MD5

      a227c8183df069184a11a03607fb382e

    • SHA1

      c3fe442f17f23dfef81cc588c7d39cb2424b2f10

    • SHA256

      aace88c7fb32eb62e10a709eacd2baf7e341f124f4370b870aeaf09f9584ad12

    • SHA512

      05c909850aab0a02fe20cf77adca595c74d0426fed388075c131539eb44c28287edbcd27a9226dbc0cec11b0131865f9759bcb4b45fd458b6ad32981ca6bc282

    • SSDEEP

      49152:poPUiCJMn2ZJPi89zCD8O26i29S4WhVVGjq4GrA3356Kw4CjWu5Ey35C8Q2djKSd:nJiBqwjnWhnMGr0h6ER8zP8rg6CVQmT

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      wave-server (2)/assets/WaveBootstrapper.exe

    • Size

      949KB

    • MD5

      23c08183cf27c04958765f4364ea7e29

    • SHA1

      3cef7f0e962736e239c25c9eda278388cd0a2074

    • SHA256

      9e3f3b4dd12b4f3431ac0e5433cbed20e868b49e5690776300d4c2dfd017429d

    • SHA512

      a3ecc1e3b8c37f438c56946da6bd95c005b26f1a8119dae344185e1d6a5b5b73dbdcdebca5ae706b073a712c02e72f7cce8c30c0b1392dc53bcce7d0de780a49

    • SSDEEP

      24576:1viinbT+yFoBZDI0BNZRQM+tkUkASmLtviinbTf:sinbT/aBNHR+tkhm0inbT

    • Score

      3/10

    • Target

      wave-server (2)/assets/WaveWindows.exe

    • Size

      8.0MB

    • MD5

      84ac5c62909dcb7d3c2d7f3885114e32

    • SHA1

      c67ff6e9e69adfeb14575299e5b5ce8f9b15f5a9

    • SHA256

      33524f9114497fd429fe855a9c0bea8c2eb6cd14bfd0a9186ef7ec10177ef290

    • SHA512

      6f6a62a418f1baa71be04ff7600606ac7fdc458d2d6bb5a71f29a17b1bfaa059f04a9a9d3804449a1a40c875c501dd98fb26253ae422f292d2f45eb68ac4762c

    • SSDEEP

      196608:JG5rY45g686QOL+rSYS6rBQ5IjnkSIAAtzXeEnA2RtCKkVJI55mc1:JerY4G686QOSrSYpnkSwXhXz5L

    • Score

      3/10
