General

  • Target

    Capys_Woofer.exe

  • Size

    7.4MB

  • Sample

    240407-tmwtlagf78

  • MD5

    f3c12c2eadefad6cb2e7923dc8ea585c

  • SHA1

    0a48001cb5fa4b2cb005bf18351df93db67496ec

  • SHA256

    1a464731a8ea79bf6e1ab8d2a7f61c9546ecac046df8b2fa01db993d0d934771

  • SHA512

    a1d2ff48eea2e0372e2bfee966914e18fa532144eceb66f246fed80a7b3273615e5285346c3d292ab2a691407a3c0bd2e0867bc7d68ed22cbc96c9cfc30beda6

  • SSDEEP

    196608:GO8PnKLjv+bhqNVoB0SEsucQZ41JBbIP11tJi:d8P+L+9qz80SJHQK1Jy1vJi
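A static triage check a practitioner would run on a copy of the file before detonation: verify the hashes against the indicators listed above and parse the PE section table for the UPX markers that the "UPX packed file" signature flags. This is an added example, not the sandbox's own code. The hash values are copied from the report; the minimal PE reader, the entropy threshold of 7.0 bits per byte, and the PE skeleton returned by constructed_sample() are assumptions for demonstration (the skeleton is not the reported sample and does not run as a program).

```python
"""Static triage for a PE sample: hash verification against the report's
indicators plus a UPX section-name / entropy check. Added example; the PE
skeleton built below is constructed test data, not the reported file."""
import hashlib
import math
import random
import struct

# Indicators copied from the report above.
REPORT_IOCS = {
    "md5": "f3c12c2eadefad6cb2e7923dc8ea585c",
    "sha1": "0a48001cb5fa4b2cb005bf18351df93db67496ec",
    "sha256": "1a464731a8ea79bf6e1ab8d2a7f61c9546ecac046df8b2fa01db993d0d934771",
}
# Section names written by stock UPX.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def hash_bytes(data: bytes) -> dict:
    """md5/sha1/sha256 hex digests of the given bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True only if every digest agrees with the report's indicators."""
    digests = hash_bytes(data)
    return all(digests[algo] == expected for algo, expected in REPORT_IOCS.items())


def pe_sections(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table.
    Returns [(name, raw_size, raw_offset), ...]; raises ValueError on a
    malformed header instead of guessing."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_hdr_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_hdr_size            # COFF header is 20 bytes
    sections = []
    for i in range(num_sections):
        off = table + i * 40                    # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table runs past end of file")
        name = data[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        sections.append((name, raw_size, raw_ptr))
    return sections


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(data: bytes) -> dict:
    """Name check catches stock UPX; the entropy check (threshold assumed)
    catches a modified UPX that renamed its sections but still carries a
    compressed blob."""
    sections = pe_sections(data)
    names = {name for name, _, _ in sections}
    high_entropy = [name for name, size, ptr in sections
                    if size and shannon_entropy(data[ptr:ptr + size]) > 7.0]
    return {
        "upx_section_names": sorted(names & UPX_SECTION_NAMES),
        "high_entropy_sections": high_entropy,
        "likely_packed": bool(names & UPX_SECTION_NAMES) or bool(high_entropy),
    }


def build_constructed_pe(payload: bytes) -> bytes:
    """Constructed test data: a minimal PE skeleton with an empty UPX0 section
    and a UPX1 section holding `payload`. Only fields the parser reads are set."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)    # 2 sections, no optional header
    hdr_len = 64 + 4 + 20 + 2 * 40
    sec0 = struct.pack("<8sIIIIIIHHI", b"UPX0", 0x1000, 0x1000, 0, 0, 0, 0, 0, 0, 0xE0000080)
    sec1 = struct.pack("<8sIIIIIIHHI", b"UPX1", len(payload), 0x2000,
                       len(payload), hdr_len, 0, 0, 0, 0, 0xE0000040)
    return bytes(dos) + b"PE\0\0" + coff + sec0 + sec1 + payload


def constructed_sample() -> bytes:
    """Deterministic pseudo-random payload standing in for a compressed blob."""
    return build_constructed_pe(random.Random(7).randbytes(4096))


if __name__ == "__main__":
    sample = constructed_sample()
    print("hashes match report:", matches_report(sample))   # False: constructed, not the sample
    print("UPX indicators:", upx_indicators(sample))
```

Run it against the real file by replacing constructed_sample() with the bytes read from disk; a hash mismatch means you are not looking at the artefact this report describes, and a UPX hit tells you to unpack (or dump from memory) before any string or import analysis.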

Score
7/10

Malware Config

Targets

    • Target

      Capys_Woofer.exe

    • Size

      7.4MB

    • MD5

      f3c12c2eadefad6cb2e7923dc8ea585c

    • SHA1

      0a48001cb5fa4b2cb005bf18351df93db67496ec

    • SHA256

      1a464731a8ea79bf6e1ab8d2a7f61c9546ecac046df8b2fa01db993d0d934771

    • SHA512

      a1d2ff48eea2e0372e2bfee966914e18fa532144eceb66f246fed80a7b3273615e5285346c3d292ab2a691407a3c0bd2e0867bc7d68ed22cbc96c9cfc30beda6

    • SSDEEP

      196608:GO8PnKLjv+bhqNVoB0SEsucQZ41JBbIP11tJi:d8P+L+9qz80SJHQK1Jy1vJi

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens, and autofill entries.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build (for example one with renamed sections).

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
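To show what the behavioural signatures above actually key on, here is a small rule engine that replays a sandbox-style event stream (file writes and reads, process creation, image loads, DNS and HTTP) and fires the same signature names the report lists. This is an added example and is not the sandbox's signature engine; the event log, the browser and wallet path patterns, the IP-lookup hostnames and the executable-extension list are constructed assumptions for illustration, not data recovered from the reported run.

```python
"""Replay constructed sandbox events through the report's behavioural
signatures. Added example; paths, hostnames and events are assumptions."""
import re
from collections import namedtuple

Event = namedtuple("Event", "pid action target")

# Constructed event stream (pid, action, target); not from the report.
SAMPLE_EVENTS = [
    Event(1200, "file_write", r"C:\Users\victim\AppData\Local\Temp\stub.exe"),
    Event(1200, "file_write", r"C:\Users\victim\AppData\Local\Temp\helper.dll"),
    Event(1200, "process_create", r"C:\Users\victim\AppData\Local\Temp\stub.exe"),
    Event(1344, "image_load", r"C:\Users\victim\AppData\Local\Temp\helper.dll"),
    Event(1344, "file_read", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event(1344, "file_read", r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abcd.default\logins.json"),
    Event(1344, "file_read", r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    Event(1344, "dns_query", "api.ipify.org"),
    Event(1344, "http_get", "https://api.ipify.org/?format=json"),
    Event(1344, "file_read", r"C:\Windows\System32\kernel32.dll"),   # benign: no rule fires
]

# Assumed patterns: well-known credential stores of Chromium and Firefox profiles.
BROWSER_DATA = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)\\User Data\\.*\\(Login Data|Cookies|Web Data)$"
    r"|\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$",
    re.IGNORECASE,
)
# Assumed patterns: wallet directories of a few desktop wallets.
WALLET_DATA = re.compile(
    r"\\(Exodus\\exodus\.wallet|Electrum\\wallets|Ethereum\\keystore|Bitcoin\\wallets?)\\",
    re.IGNORECASE,
)
# Assumed list of legitimate external-IP lookup services.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ip-api.com", "ifconfig.me", "icanhazip.com"}
EXECUTABLE_EXT = (".exe", ".dll", ".scr")


def host_of(target: str) -> str:
    """Hostname from a bare host or a URL, lower-cased for set lookup."""
    m = re.match(r"^(?:https?://)?([^/:]+)", target, re.IGNORECASE)
    return m.group(1).lower() if m else target.lower()


def evaluate(events) -> dict:
    """Return {signature_name: [supporting targets]} for each signature that fired.
    'Dropped' means the run itself wrote the file before executing or loading it."""
    dropped = set()
    hits = {}

    def hit(name, target):
        hits.setdefault(name, []).append(target)

    for ev in events:
        t = ev.target
        low = t.lower()
        if ev.action == "file_write" and low.endswith(EXECUTABLE_EXT):
            dropped.add(low)
        elif ev.action == "process_create" and low in dropped:
            hit("Executes dropped EXE", t)
        elif ev.action == "image_load" and low in dropped:
            hit("Loads dropped DLL", t)
        elif ev.action == "file_read" and BROWSER_DATA.search(t):
            hit("Reads user/profile data of web browsers", t)
        elif ev.action == "file_read" and WALLET_DATA.search(t):
            hit("Accesses cryptocurrency files/wallets, possible credential harvesting", t)
        elif ev.action in ("dns_query", "http_get") and host_of(t) in IP_LOOKUP_HOSTS:
            hit("Looks up external IP address via web service", t)
    return hits


if __name__ == "__main__":
    for name, targets in evaluate(SAMPLE_EVENTS).items():
        print(f"[+] {name}")
        for target in targets:
            print(f"      {target}")
```

The "dropped" rules are stateful on purpose: executing an .exe from Temp is only interesting when the same run wrote it there, which is why a process_create for a path that was never written (for example cmd.exe) produces no hit. When porting this to real telemetry, key the dropped set on the full path plus a hash of the written content so a renamed system binary does not slip through.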

MITRE ATT&CK Enterprise v15

Tasks