General

Target: CPU CleanUp.exe
Size: 8.4MB
Sample: 241223-rwdy2askgv
MD5: 6a42031540e4e70f1cfc0ae01b9dea26
SHA1: 0639add264d3f99f7c6e536910d86ac86325fefe
SHA256: 73aa580e8aee37ce5e4e1cc26418a4165a269748f98281d3be5ee834c2db2efc
SHA512: 477495e650dbffa251103acbad2ff4ffcfc3e35627c5325f7e4f74fa2fa49225e7ab14ac9da9b92a6c99c7d0be134989a09a022c47d4a140bdfdcb55d08bf3c2
SSDEEP: 196608:p8DRkdPwfI9jUCBB7m+mKOY7rXrZu6SELoSDmhfvsbnTNeW:+aqIHL7HmBYXrkRSaUN
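Before trusting any conclusion from this report, confirm that the file you hold is the file that was analysed. The script below is an added example (not part of the sandbox report): it streams a local file through MD5, SHA-1, SHA-256 and SHA-512 in a single pass and reports every published hash that does not match. The hash values are copied from the General section above; the file path is whatever you pass on the command line.

```python
"""Check a local file against the hashes published in this report.

Added example, not part of the sandbox report. The expected values are the
ones listed under General above; the file you verify is whatever copy you hold.
"""
import hashlib
import io
import sys

# Hashes as listed in the report (lower-case hex).
REPORT_HASHES = {
    "md5": "6a42031540e4e70f1cfc0ae01b9dea26",
    "sha1": "0639add264d3f99f7c6e536910d86ac86325fefe",
    "sha256": "73aa580e8aee37ce5e4e1cc26418a4165a269748f98281d3be5ee834c2db2efc",
    "sha512": "477495e650dbffa251103acbad2ff4ffcfc3e35627c5325f7e4f74fa2fa49225e7ab14ac9da9b92a6c99c7d0be134989a09a022c47d4a140bdfdcb55d08bf3c2",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(fh, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Hash a binary file object once, feeding every algorithm from the same read
    so an 8 MB sample is not read four times."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for block in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data, algorithms=ALGORITHMS):
    """Convenience wrapper for in-memory data (used by the tests below)."""
    return digest_stream(io.BytesIO(data), algorithms)


def compare(actual, expected):
    """Return {algorithm: (expected, actual)} for every published hash that does
    not match; an empty dict means the file is the reported sample.  Algorithm
    names and hex digits are normalised so copy-pasted upper-case values compare.
    Algorithms present in `expected` but not computed are skipped, not failed."""
    mismatches = {}
    for name, want in expected.items():
        name = name.lower()
        if name not in actual:
            continue
        want = want.strip().lower()
        if actual[name] != want:
            mismatches[name] = (want, actual[name])
    return mismatches


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:
        got = digest_stream(fh)
    bad = compare(got, REPORT_HASHES)
    for name, (want, have) in bad.items():
        print(f"{name}: expected {want}, got {have}")
    if bad:
        sys.exit(1)
    print("all hashes match the report")
```

Run it as `python verify.py "CPU CleanUp.exe"`. The SSDEEP value is not checked here because the Python standard library has no ssdeep implementation; use the ssdeep tool for that. A mismatch means you have a different file (a repacked or re-signed variant, or a truncated download), not that the file is benign.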
Behavioral task: behavioral1
Sample: CPU CleanUp.exe
Resource: win11-20241007-en

Malware Config
Targets

Target: CPU CleanUp.exe
Size: 8.4MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General.
Signatures triggered by this target:

- Clipboard Data. Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Executes dropped EXE.
- Loads dropped DLL.
- Unsecured Credentials: Credentials In Files. Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting.
- Legitimate hosting services abused for malware hosting/C2.
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation. Adversaries may obfuscate content during command execution to impede detection.
- Enumerates processes with tasklist.
MITRE ATT&CK Enterprise v15

Credential Access
- Credentials from Password Stores (T1555): 1
  - Credentials from Web Browsers (T1555.003): 1
- Unsecured Credentials (T1552): 3
  - Credentials In Files (T1552.001): 3