General
-
Target
70ware.exe
-
Size
7.8MB
-
Sample
240726-scr7zsvcqj
-
MD5
b2094b618ce3c2ba52bcebaf4a8598c7
-
SHA1
e7bf5e0c347d264a43175b169fd2f117b4c50228
-
SHA256
8d1c64ccae01fc4d12c03b0f209c8be04d42a5eadc7c16b357fd6449e56e2e00
-
SHA512
ca1e2e38f2a08df6be24c6b79f58ffddf522202537945a0eb01fe3228b778c1d3156333f68e5b49b8e860d755a5507b72936fdc25f5babb70d259a11ac671a20
-
SSDEEP
196608:bt0+WBeNTfm/pf+xk4dlX/O2dRGtrbWOjgWyb:rWCy/pWu4DNdRGtrbvMWyb
Malware Config
Targets
-
-
Target
70ware.exe
-
Size
7.8MB
-
MD5
b2094b618ce3c2ba52bcebaf4a8598c7
-
SHA1
e7bf5e0c347d264a43175b169fd2f117b4c50228
-
SHA256
8d1c64ccae01fc4d12c03b0f209c8be04d42a5eadc7c16b357fd6449e56e2e00
-
SHA512
ca1e2e38f2a08df6be24c6b79f58ffddf522202537945a0eb01fe3228b778c1d3156333f68e5b49b8e860d755a5507b72936fdc25f5babb70d259a11ac671a20
-
SSDEEP
196608:bt0+WBeNTfm/pf+xk4dlX/O2dRGtrbWOjgWyb:rWCy/pWu4DNdRGtrbvMWyb
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-