dbfb2a2c4c136b5b2485dc226c576eae80b191173e90b8245880642dfaa570a5 | Triage

Resubmissions

27-12-2024 19:16

241227-xyv8zsxrhz 8

27-12-2024 18:55

241227-xkxjwsxqfw 8

Sharing

General

Target

WaveCrackedOP.exe
Size

39.6MB
Sample

241227-xyv8zsxrhz
MD5

17bf3222b14dbb2b9eba2fe9d5194dbd
SHA1

9fcda114abaac3274d8a9c4a993fd8aaad95e170
SHA256

dbfb2a2c4c136b5b2485dc226c576eae80b191173e90b8245880642dfaa570a5
SHA512

250bf74f6584e9ed16999a4ffe74b648959ae47199770a216219fed5fb3e1125c51ca6f4109614e1351d558e3d049a2afce759b0b6a4d79f4828650cbcae93a0
SSDEEP

786432:lhQQVl8ZrsEjyW88iwq3ObRqIW+e5R8t3orMxITX1blbAWQiwM9MQT25thym8uhl:DIgEjyWi3CRXW+eH8ghboE2Nyxuh0+

Score

8^/10

discovery evasion pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  WaveCrackedOP.exe
- Size
  
  39.6MB
- MD5
  
  17bf3222b14dbb2b9eba2fe9d5194dbd
- SHA1
  
  9fcda114abaac3274d8a9c4a993fd8aaad95e170
- SHA256
  
  dbfb2a2c4c136b5b2485dc226c576eae80b191173e90b8245880642dfaa570a5
- SHA512
  
  250bf74f6584e9ed16999a4ffe74b648959ae47199770a216219fed5fb3e1125c51ca6f4109614e1351d558e3d049a2afce759b0b6a4d79f4828650cbcae93a0
- SSDEEP
  
  786432:lhQQVl8ZrsEjyW88iwq3ObRqIW+e5R8t3orMxITX1blbAWQiwM9MQT25thym8uhl:DIgEjyWi3CRXW+eH8ghboE2Nyxuh0+
Score

8^/10

discovery evasion spyware stealer
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionspywarestealer