General
Target: Wasper-Setup.exe.vir
Size: 45.5MB
Sample: 240728-sgqjysthph
MD5: ee7517fda25c5c0f955c96bf416b35bf
SHA1: 5538cd903d17837fcf1448933ea0b7f74793c868
SHA256: eea65eb3a1b2443e8e3f26ce6ad39a85150576bc43d757e17fb93deb938ff0f0
SHA512: e42f468a43e775bb12d44f857e2c5f6e7e088c0eab14acb885f10f30d26e9bd8a0656e8044f22019d6521156404647d7bb8024e0f60796f1d57c6e516cca14fc
SSDEEP: 786432:+yS2qHe93TkaKlV0zik3gPqdOIEPh5eI0glAf69QEx+ExtOjPrnyl1tlfd9sQo:+v2PS5kwPoOlPhUI0gCC9L6jLqFTs7
Static task: static1
Behavioral task: behavioral1
  Sample: Wasper-Setup.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: Wasper-Setup.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted
  stealc
  wasp23
  http://45.156.27.196
  url_path: /4c7ef30d4540070f.php
Targets
Target: Wasper-Setup.exe.vir
Size: 45.5MB
Detects HijackLoader (aka IDAT Loader)
Credentials from Password Stores: Credentials from Web Browsers
  Malicious access or copy of web browser credential store.
Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
.NET Reactor protector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
Accesses cryptocurrency files/wallets, possible credential harvesting
Downloads MZ/PE file
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Defense Evasion
  Modify Registry (1)
  Subvert Trust Controls (1)
  Install Root Certificate (1)
Credential Access
  Credentials from Password Stores (1)
  Credentials from Web Browsers (1)
  Unsecured Credentials (2)
  Credentials In Files (2)