Resubmissions

15/10/2024, 21:24

241015-z9agrssbmm 7

General

  • Target

    WaveBypasser.exe

  • Size

    53.1MB

  • Sample

    241015-z9agrssbmm

  • MD5

    adeb13ed4be55e7843db3a23ca09837a

  • SHA1

    c91d0cc7184de97a4d9221d36ec0abe1ebed0ffd

  • SHA256

    4270cf9684c5839b360fc33c9a8101e40f2f4c768a8ce55b4b0e0236a1bb7082

  • SHA512

    298cfb6d54db45019e460f13ab52f7e2b03c44c2c2f3a5c71130d64a048fc7b74f12c3c1e990295ab7182247bd819b03cd3c09e8ab26109fa0dc37ea26649a51

  • SSDEEP

    786432:fiIZWeEw7SQqMoknvNpA+vIlo0FdGgBQJbTiumfSXdZESWqEIBBwW2HK3EE:amEweQqMrlpA+Ql4pxTivfS4qrBB1UE

Malware Config

Targets

    • Target

      WaveBypasser.exe

    • Size

      53.1MB

    • MD5

      adeb13ed4be55e7843db3a23ca09837a

    • SHA1

      c91d0cc7184de97a4d9221d36ec0abe1ebed0ffd

    • SHA256

      4270cf9684c5839b360fc33c9a8101e40f2f4c768a8ce55b4b0e0236a1bb7082

    • SHA512

      298cfb6d54db45019e460f13ab52f7e2b03c44c2c2f3a5c71130d64a048fc7b74f12c3c1e990295ab7182247bd819b03cd3c09e8ab26109fa0dc37ea26649a51

    • SSDEEP

      786432:fiIZWeEw7SQqMoknvNpA+vIlo0FdGgBQJbTiumfSXdZESWqEIBBwW2HK3EE:amEweQqMrlpA+Ql4pxTivfS4qrBB1UE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks