4088a87ec34bc9c016f1000b4cb221d3c2e160cf1f16a0362a11d26538554088 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

wavebypass.exe
Size

5.2MB
Sample

240825-ttavpsshmh
MD5

8b783daa23904e7e6ace545d2be42078
SHA1

d7827965c37f795dba32b14aaf6fa82601522ec4
SHA256

4088a87ec34bc9c016f1000b4cb221d3c2e160cf1f16a0362a11d26538554088
SHA512

8459d2332f9f97494c112a6144ad3e08b45f5f41999d19dc6221aa468116f3912255a0c82ead1c8f3e27fa424790fdf564107b4c4a0e5a2be4c6cf74a3a2517a
SSDEEP

98304:JA+G+O8WttOfDWxoDzqFuV2J+zW6FxKNo10HyUS7Z6pTdtOpZyOl/2Qd3Z9YYp:JAxLFuYJ+SuEkyTdAWOJ26A

Score

8^/10

defense_evasion evasion execution persistence

Malware Config

Targets

- Target
  
  wavebypass.exe
- Size
  
  5.2MB
- MD5
  
  8b783daa23904e7e6ace545d2be42078
- SHA1
  
  d7827965c37f795dba32b14aaf6fa82601522ec4
- SHA256
  
  4088a87ec34bc9c016f1000b4cb221d3c2e160cf1f16a0362a11d26538554088
- SHA512
  
  8459d2332f9f97494c112a6144ad3e08b45f5f41999d19dc6221aa468116f3912255a0c82ead1c8f3e27fa424790fdf564107b4c4a0e5a2be4c6cf74a3a2517a
- SSDEEP
  
  98304:JA+G+O8WttOfDWxoDzqFuV2J+zW6FxKNo10HyUS7Z6pTdtOpZyOl/2Qd3Z9YYp:JAxLFuYJ+SuEkyTdAWOJ26A
Score

8^/10

defense_evasion evasion execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
- Indicator Removal: Clear Windows Event Logs
  Clear Windows Event Logs to hide the activity of an intrusion.
  defense_evasion
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Indicator Removal

Clear Windows Event Logs

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

defense_evasionevasionexecutionpersistence