General

Target: unparkcpu.exe
Size: 10.2MB
Sample: 240527-a81vwsad21
MD5: 7e1f8a4eee4c5fceaff6bc615c9e3e67
SHA1: a63b57b857a984e9764aea434ac1cfc52facfc5a
SHA256: 4baae4b07fae36e2dee0ccf6e817cce7dc248973a367ccf27a5b4f43f83d844d
SHA512: b34019724eb596444c000a577ce1d444b4ce7ea4c6781349429b3d66fd390d1176d2d27b63e5e7ded529816eb57fcdc84f2ee0d8738afc79794599b9cc1ba111
SSDEEP: 196608:dhWg0+EkfcdqBA1HeT39IigwdeE9TFa0Z8DOjCdylLhYMfIGQfkdoXKh:8+Ekfc4q1+TtIiFUY9Z8D8CcldlQNbX4
Malware Config
Targets
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.