General

  • Target

    WaveInstaller.exe

  • Size

    2.3MB

  • Sample

    240806-pf69jayfjq

  • MD5

    8ad8b6593c91d7960dad476d6d4af34f

  • SHA1

    0a95f110c8264cde7768a3fd76db5687fda830ea

  • SHA256

    43e6ae7e38488e95741b1cad60843e7ce49419889285433eb4e697c175a153ab

  • SHA512

    09b522da0958f8b173e97b31b6c7141cb67de5d30db9ff71bc6e61ca9a97c09bff6b17d6eaa03c840500996aad25b3419391af64de1c59e98ff6a8eac636b686

  • SSDEEP

    49152:6inbT3qpTDQSmanAmwJAaDMg33U2pLYiniT:6inKpTJmWAmmAMPWin

Score
8/10

Malware Config

Targets

    • Target

      WaveInstaller.exe

    • Size

      2.3MB

    • MD5

      8ad8b6593c91d7960dad476d6d4af34f

    • SHA1

      0a95f110c8264cde7768a3fd76db5687fda830ea

    • SHA256

      43e6ae7e38488e95741b1cad60843e7ce49419889285433eb4e697c175a153ab

    • SHA512

      09b522da0958f8b173e97b31b6c7141cb67de5d30db9ff71bc6e61ca9a97c09bff6b17d6eaa03c840500996aad25b3419391af64de1c59e98ff6a8eac636b686

    • SSDEEP

      49152:6inbT3qpTDQSmanAmwJAaDMg33U2pLYiniT:6inKpTJmWAmmAMPWin

    Score
    8/10
    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks for any installed AV software in registry

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks