General
Target: FusionWareV2.exe
Size: 8.2MB
Sample: 240607-fskrmabb89
MD5: 77bdb72e44a72aa14d2f55b24932e432
SHA1: 05fa398bb66597c74795c91f79da44c4ae1089eb
SHA256: a37683de5d9111f86149a94a4820a391bd91fd3e93628bfc61fbc16b2ca20c5d
SHA512: 6304cc0a1e27766271cbbca295de952f3ef29292115eadba2174ff52953e4ee98d66e9a4bf8641f84a80a4ac4f28b30b41bbd28d57f72aad1eb260d4792f9ce9
SSDEEP: 196608:errXwds1hurErvI9pWjgaAnajMsbSEo2+qYQ9HwZsiVtxh:3shurEUWjJjIfDq7w1Vtxh
Behavioral task
behavioral1
Sample: FusionWareV2.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: FusionWareV2.exe
Size: 8.2MB
MD5: 77bdb72e44a72aa14d2f55b24932e432
SHA1: 05fa398bb66597c74795c91f79da44c4ae1089eb
SHA256: a37683de5d9111f86149a94a4820a391bd91fd3e93628bfc61fbc16b2ca20c5d
SHA512: 6304cc0a1e27766271cbbca295de952f3ef29292115eadba2174ff52953e4ee98d66e9a4bf8641f84a80a4ac4f28b30b41bbd28d57f72aad1eb260d4792f9ce9
SSDEEP: 196608:errXwds1hurErvI9pWjgaAnajMsbSEo2+qYQ9HwZsiVtxh:3shurEUWjJjIfDq7w1Vtxh
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.