Overview

overview

10

Static

static

10

Wave/CrackedAPI.ps1

windows7-x64

3

Wave/CrackedAPI.ps1

windows11-21h2-x64

3

Wave/Wave ...D].exe

windows7-x64

7

Wave/Wave ...D].exe

windows11-21h2-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Wave.zip

  • Size

    7.2MB

  • Sample

    250104-gqtgeswkdx

  • MD5

    bbdc5f5610fe4187b812bbd5a5d94010

  • SHA1

    f178cb4cec3d7145c9745f5beeb3537977359ccb

  • SHA256

    f99b23097ecfa45fcfbf36e7d47d9c21fff1f61efca9ffd5c158dd2dad168606

  • SHA512

    07e049131944fc84d054aa0a74b7dcabab7101dacb090e01ba8488f4581e9affd48887d23b727e9766350c96acdb2c689837895959b3797610074ed0e951b6af

  • SSDEEP

    98304:fNUE0JlgNtJPUvAPF2B+HV3Gzj6Z5lqopEvK9A+1DhBD1MfXBbErS2AwhS22nmwF:1mOf+z5opa4A+1NqRbE+QAZJmA3hN2Y

Score
10/10
blankgrabbercollectioncredential_accessdefense_evasiondiscoveryexecutionpersistenceprivilege_escalationspywarestealerupx

Malware Config

Targets

    • Target

      Wave/CrackedAPI.dll

    • Size

      17KB

    • MD5

      344a860f13a69a7e54dddde2e173b959

    • SHA1

      2fa274e76554ad597eb7d7d3aee64b510f0bab68

    • SHA256

      a146c4caf7a218a89a50d4e4f62c5c3c7e93044eb533ec067e1b2c1beb1caff9

    • SHA512

      95a69181ecef824a1decbbdc297eeb0fcdc9cab946119d5a109324d99d2f2d712a04f71ab1de6c1b56e98bb45126b2c23d2a5d9e27da7480a53303df2e74fe71

    • SSDEEP

      384:L2PLC84oAlrigWtFpW8lZtrhh96yAOqYz3kHWiyyETdsSz5j5bHn:Cj+7WtFpW8Ltr1Pqw3k2iWmSjV

    Score
    3/10
    execution
    behavioral1behavioral2

    • Target

      Wave/Wave [CRACKED].exe

    • Size

      25.0MB

    • MD5

      a934c390acf126818372c3b56a460e79

    • SHA1

      8000c37903a04b50fc9113b6faeca90f2ae59a43

    • SHA256

      c3e24e122965d0edc2664961eacb5c455424fb3d8f1df6d4dd6a1c6b9afd6e9b

    • SHA512

      0b07e98dcd162a97b2c11133a3c84fdc092ca679a35b2e21356a2f3ef2b64f6c0c81fe3d3701b3a13dd259df828bb450f9f22fa1eefceb4ad6d76efe67f867c8

    • SSDEEP

      98304:L0G+DjWM8JEE1FwamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRiYRJJcGhEI5:LT+0zeNTfm/pf+xk4dWRimrbW3jmyc

    Score
    8/10
    upxcollectioncredential_accessdefense_evasiondiscoveryexecutionpersistenceprivilege_escalationspywarestealer

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

      collection

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

      defense_evasion

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

2
T1059

PowerShell

2
T1059.001

Persistence

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Hide Artifacts

1
T1564

Hidden Files and Directories

1
T1564.001

Obfuscated Files or Information

1
T1027

Command Obfuscation

1
T1027.010

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

3
T1552

Credentials In Files

3
T1552.001

Discovery

Browser Information Discovery

1
T1217

Process Discovery

1
T1057

System Information Discovery

3
T1082

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Clipboard Data

1
T1115

Data from Local System

2
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks