PULSE NAME
CopperStealer Malware Infects Systems to Gather Sensitive Info via Websites Hosting Fake Software
WHITE Malware Advisory SVThreatIntel 2022-06-28 Modified: 2022-06-28
57 IOCs
HIGH VOLUME
Researchers noticed a new version of CopperStealer malware infecting systems via websites hosting fake software. They examined this new version, which reuses parts of the code related to a previous campaign.

Similarities with earlier versions

The following similarities with earlier versions were observed:
- The same cryptor
- Use of Data Encryption Standard (DES) with the same key
- The same name of the DLL export function (for later versions of CopperStealer)
- Data exfiltration to a Telegram channel (for later versions of CopperStealer)
- Use of the executable utility MiniThunderPlatform
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
TrojanSpy
Indicators of Compromise (17 / 57 total)