General
-
Target
WaveWindows.zip
-
Size
108.7MB
-
Sample
240919-fnz1rasdmm
-
MD5
4033fea389121ab68e9bb3d89afb11a3
-
SHA1
ba943f96358f358cf4e2f7394230ad48c4fa413a
-
SHA256
09e6dd1a80828e07ff796df46d5d3d19bc2cb2c94c8d26e15323a97285fe7b42
-
SHA512
f1321baf4ba16addeadf4dfe3152c1eb7fb9630d77f20aa54806f5e9e4eaf106f83387afe0fad8bf21f4f09689be757648593cf943ca92d4dd669cc49453f3f2
-
SSDEEP
3145728:72OijPrHhWwUaHzZjOtcxR6FyK4O2YDwVAI:yVuiZqtMDb513
Malware Config
Targets
-
-
Target
LICENSES.chromium.html
-
Size
9.0MB
-
MD5
ae174699b663bd90d8d06c68c6952477
-
SHA1
8c76eda61d320779909adc541593b8e26b24815a
-
SHA256
c6737ef4ed9de369077718824f76c5e7026d0e39163e26af8606783e41c93e18
-
SHA512
3fb72dcd790464dde34978c9d0895376827f4d839b4a199c6e9fe77ab810d62b960babc4b21f6e189dc70147b5fb4334815730f4d1cdec05489c19e0725c2158
-
SSDEEP
24576:h+QQf6Ox6x5n1nZwReXe1Gmfh6k6T6W6r656+eGj/dBIp+:oAPeGLp
Score3/10 -
-
-
Target
WaveWindows.exe
-
Size
172.5MB
-
MD5
30f269a8a4a5f5e1d0a10cb4ea43b738
-
SHA1
672dd7bdf8dfaf7442c210a5acbea829916a7873
-
SHA256
bb74a49ede11683d120fbc193c88cbf0681f61450c3290f842f6b7435b4c97ea
-
SHA512
c8e0c35f18cd59c731090d51bd234e74d7d269f0006c75e3fa49e03a0a825f66568ec946bb714957554fe227f7b3fc6d3eda0968547b95a8d8c8d27c02567cf6
-
SSDEEP
1572864:6V00dKoWtUBaArjpGI2O6QMsjI1RaZjVdiX5H5z8GTzXts3XYpfLW5q:Lgrm7i5
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Checks for any installed AV software in registry
-
Hide Artifacts: Hidden Window
Windows that would typically be displayed when an application carries out an operation can be hidden.
-
Command and Scripting Interpreter: PowerShell
Start PowerShell.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
d3dcompiler_47.dll
-
Size
4.7MB
-
MD5
a7b7470c347f84365ffe1b2072b4f95c
-
SHA1
57a96f6fb326ba65b7f7016242132b3f9464c7a3
-
SHA256
af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a
-
SHA512
83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d
-
SSDEEP
49152:hCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvdiD0N+YEzI4og/RfzHLeHTRhFRN1:oG2QCwmHjnog/pzHAo/Ayc
Score1/10 -
-
-
Target
ffmpeg.dll
-
Size
2.6MB
-
MD5
9691e33909895bfb5bb0355b6f439c81
-
SHA1
7fca2dfcb9aca4ed92c644e8f7ceb98f87116a52
-
SHA256
223448ec1715cb4b1a2abbf1427547956f3ce583092177c287542e6d226319c7
-
SHA512
9ead46836900c054d8740a1e2f569bc321cc53cf3c47e3fa927f4cca54809bcf173bdea239fbdeecd694277e8869565e476fd272df393b924bb62a845e897533
-
SSDEEP
49152:01nRu1gjn93AXtsX7I8g4AScbz6Ox+pen6yfmb+ST1PqRrYC:0Jsf83Sn6Ox+tP5C
Score1/10 -
-
-
Target
libEGL.dll
-
Size
470KB
-
MD5
09d3bc8a5c6104d78566cd6e51c5a6a8
-
SHA1
d1db4f83bad27dc0caf75f77d510f2eb62dd84c4
-
SHA256
1307025ed98ecfd00770c2d5c74c8a5e498c4e457397f17c3cbd176ca8a62a85
-
SHA512
198072fff54bd6ae5ac21bd891c23da9d657a4525dd5944719eda6f7062775ae66d9cb15d29105d2477378ae605351e4b840c9934106bf80f936a596e7a1eddd
-
SSDEEP
6144:xmi12qlTgeUDsnkcM2nDl83BgENhYCqNNfY24M:xmk2qxgeUDsNnDcgENhYRNNfU
Score1/10 -
-
-
Target
libGLESv2.dll
-
Size
7.7MB
-
MD5
02374701c3dc3b26088763fd3cc11bc9
-
SHA1
84e582496c53ce139d9efd219b762ad38a50d011
-
SHA256
8e68245d98bb740f393472938612979a56391f127d1af7683253e9e749e7af41
-
SHA512
09693492447b037e8ce16095fb3d63d806604d18c3340bf57fecc0e0ae3c877bdcd83320e633b0fb898a4c20616bfb4558ccd8d93a10d235dd90c3be8020a8a2
-
SSDEEP
98304:uPqhbsPD8TDyGDsTnI5mvmKGtS17QXC3O:uP4m8TDyluKGugmO
Score1/10 -
-
-
Target
resources/node_modules/accepts/README.md
-
Size
4KB
-
MD5
873e624d40d23cf9b54f9d2f74d2c8d1
-
SHA1
3a884510d2eeed73a4cd5ae0947a6c72cd3c7426
-
SHA256
c25a1071e5aa1b1b43e10f083e8d97c3dbf1f7700cfa38b5cbc40725662e1ae0
-
SHA512
a929edeb59edc6f1ef4f7554ddfd0b1b54aa097d4fdf69c5ec25b14c3c722a034d159daf3ad38508efc775fdf8c246507d53021e4ad79f0708c5df94b311a864
-
SSDEEP
48:ZdC9AIvI6RZK0nwuBGWxGWwsNdXMoNjP601Wrk0aN8F07DaN89JC7aN8fBfuRhpL:/CnQl0JZ15jue/9IQxokXjwiA0
Score3/10 -
-
-
Target
resources/node_modules/accepts/index.js
-
Size
5KB
-
MD5
4fe4d2c90a2fd19d6e97443a7d24f815
-
SHA1
282263f45f6bf80fbf43f4097d53b5b60ff1a05f
-
SHA256
be2decbd50610e8f995c1e312ee4dd6d7c1244cfdf03ee4c4a3da68e572dada1
-
SHA512
c795b7285cc92616a46fd1ad2d00ce65fb4b269e6b6fc35315891d119b7c25b7f4573540be0627d577123201d9cfe119c8a53f0e75a8b6ea870f8d89a130c213
-
SSDEEP
96:oYG1MGmGHqyl8rAyBkmqFxo+uerpDWMlB8fdOGUJTit4UG9bCZhPwA:oYG1Xlqyl88yBD+uerRLD0YQ4rcZh9
Score3/10 -
-
-
Target
resources/node_modules/array-flatten/README.md
-
Size
1KB
-
MD5
328fdaf1ee65869341567f4fb6716e02
-
SHA1
98efa9e4bd6d6bca4ebb76991a2187a8a496c8b6
-
SHA256
071dd896356da12269508f361958ec622e47b27a96d7efdba23b671bc3470416
-
SHA512
40378eeeb21474e8be2962853b1d279ab8e167e68ebad08ae4e7932c131da317672852916bcc1000ec43a0163653c45158a9a8be819b4a6479163ac8c5391ca5
Score3/10 -
-
-
Target
resources/node_modules/array-flatten/array-flatten.js
-
Size
1KB
-
MD5
4b17fa06c54846b686b8b799e9dd253a
-
SHA1
fc6cc30e8b8ec09eeba62bac076ed627aa3ee8d1
-
SHA256
766ca145b6d25e3d60f352a716e8fa1876bcdf362c0767c360cf24f335bc281e
-
SHA512
72df1668f464f6942c484155b667086bb6f83f77e826ffcd146ee045079db3334aba270bffb66cdd796d4c9308121ec2a67a404289f19914c45d9a6c15435e71
Score3/10 -
-
-
Target
resources/node_modules/body-parser/README.md
-
Size
18KB
-
MD5
11e3ebc72bab84f27db6737fa8c1caa6
-
SHA1
276f60b591649db250f44556cda1fb984d3d4ebe
-
SHA256
80695d7f01d96c75a55d3b83f989ee421fcc3bdd8dfc973409d5dfc5eb9767ef
-
SHA512
64e8c6407d10d9817465ce130bf95f9f06d373724787c026618df4f8d69da960f68008ca98244f16788704d57b27470e3321c79721b4498e08611a01bb5ee4a1
-
SSDEEP
192:eBpKv7ygazeyidkShRvtlzk7/em3x1A6H9wSu9kYPaDpIQVf3HcRaU/R0yV2aaXX:iKFO4d/Q7L3TA6H9i9bSDKqv8gUpqmQ
Score3/10 -
-
-
Target
resources/node_modules/body-parser/index.js
-
Size
2KB
-
MD5
b9e991c0e57c4d5adde68a2f4f063bc7
-
SHA1
0cb6b9eb7b310c37e5950bbcaf672943657c94b5
-
SHA256
9c6c900e7e85fb599c62d9b9e4dfd2ea2f61d119dce5ed69ac3a8da828819241
-
SHA512
3bbd31eed55c32435b01fe7356d39749e95f8f49222115ada841e751ad36227e6f427efdc4e8bad36d8ccd37c2e92c01fa67c24c23f52023df8c1e1be1a3b4f6
Score3/10 -
-
-
Target
resources/node_modules/body-parser/lib/read.js
-
Size
4KB
-
MD5
c148bb38c59ce266e271c96ab1f2d192
-
SHA1
027f3fbd8a5370ddec744d33ec9d594db41f6293
-
SHA256
1e9e274755366c39ae70e8b9a7a42fc12219566e67efaf9b7ebc2a8b337f5b6b
-
SHA512
bc4779cda1a3b130eb8cf76bb40676046ceb514ddc5c1891d7324776e6188e5d5ceb4c0799cf2fbc007786849ed07903cb59f61ffcac407300eef0a16cb7c498
-
SSDEEP
96:1F2ISKMGJ0n9WbOaHSb+IR1+GFQBnPQCbfkZ/OPqgVB9OuCyMQ:1FwZYbhHSb9R1+GFQBICbfkWVBqlQ
Score3/10 -
-
-
Target
resources/node_modules/body-parser/lib/types/json.js
-
Size
5KB
-
MD5
6b036408f968978bf9668496db9953ba
-
SHA1
af1f14428152576f1c047c3462d26a7feb98635a
-
SHA256
44f8b529333004e2aaff6db3a1dbe7068f1ac5fa1173e9634686a78c2262af35
-
SHA512
89bef97d3d5d0c8da0f3aa1e178fee1d04eee5200c2f037bd55761a61e6c6a251f7314e82343761ef227a997909f4a0237a3ff5f79a1a7bb9e879a465ab84f86
-
SSDEEP
96:1F+Graz+dz1PbSDp2qjlvqzi+QBYwxcG5l+NbkAZiVl7g6A4QYSR:1F+Graz8TUj0mx+wOgybriVZg6ffSR
Score3/10 -
-
-
Target
resources/node_modules/body-parser/lib/types/raw.js
-
Size
1KB
-
MD5
acb38e4fe575afaf8d1a257e47c6e362
-
SHA1
ea7411ff5a71df8d426322d07103e5894630e29b
-
SHA256
4e9cc80a7ee8bd667c68c264b4c374b28e731246ddb6ec22c3968daf837e30a2
-
SHA512
157427ad25390339b045b9bb81753709498b69b2cc8b9c918c19d52d1cb4f6bbe5b6b07885d0a7f66ef359b7080dc9a42216f71911b08ade04c1a112192bff50
Score3/10 -
-
-
Target
resources/node_modules/body-parser/lib/types/text.js
-
Size
2KB
-
MD5
beb4ada09306f8d6435566d9e88076d3
-
SHA1
eda9bc036c9d10f1400cd2e4a8832949671cadc7
-
SHA256
54a6e8ef720b06a300b21f6c60387805dec743a64154784a609dfe8c6860776a
-
SHA512
5d9c9c6837b9599d29db9b1eb54cd2a4e215feeb028137f31c20f2b02e38f600aa8c02721444dc41d7bfc206ad39a810076853d09fa1e3113b5708a75443131e
Score3/10 -
-
-
Target
resources/node_modules/body-parser/lib/types/urlencoded.js
-
Size
6KB
-
MD5
e04bd49ea67727ae23545e294035ad93
-
SHA1
6a703328d426ba118e48e2ace75a0791ef05219e
-
SHA256
c95ae36f567fbf892ecace94985abf21a83f6588db197a4742bc341c4ac7f994
-
SHA512
fa898d798c68e876bb6faf78fbe2d00acbc7bbbb57f17501731d697f8aca5977c17039020a2ba2b7a8d9ff754f26f1a48c468ae721af6752e67d43197e75f86e
-
SSDEEP
192:1F+GrIE8S/wtodXaUyx+wODybIb97fog6F5Kb9mMQ7eCfSR:6GkRYXadswOH97Tga9zQ7P6
Score3/10 -
-
-
Target
resources/node_modules/body-parser/node_modules/debug/README.md
-
Size
17KB
-
MD5
03694893d682191b3c893701ba6f4a55
-
SHA1
38096a9c10830714695a97a8501b817eb0a7534e
-
SHA256
cda3dbd285a2b65894758565a565e7bc2e7c3696225af7b5bd01454240df0aea
-
SHA512
3b80ea8a912ec4ddf1a1e2fc3f3ebd8f4bc6f591f9b2732694cb5627c549d7911c1a6eb82ab68ac025e13e090b3e39b8b4ae66a9159f45696b6343ce76213f54
-
SSDEEP
192:H6R76Zbt7yJXxRrHQbSb4BDyzWM/XAoxIM6jep2JVhgu9o8ZT/ueXBEgdjaSjVwo:U7DxRrqB4rxIMajJVeqaxq3
Score3/10 -
-
-
Target
resources/node_modules/body-parser/node_modules/debug/karma.conf.js
-
Size
1KB
-
MD5
06f3babbdc43c6c4dd1493b6c1af32e2
-
SHA1
93fef7cf3ed6f04d2cfc3cd0b8d5d972d35cfd29
-
SHA256
2430869adb61a5e24a3612110a9b49a948e6db43ab7e947c003a9c19c478e609
-
SHA512
ad65132ed6f675f6f318fefa36f4e6c23f3ff4dc47d02575f6d5bef7b062a2e90aea1a43dd5327c2565be3d834c969ff2ae3efdb2add4a958882a6f056f659ea
Score3/10 -
MITRE ATT&CK Enterprise v15
Defense Evasion
Access Token Manipulation
1Create Process with Token
1Hide Artifacts
1Hidden Window
1Modify Registry
1