← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
New OpcJacker Malware Distributed via Fake VPN Malvertising
Researchers discovered a new malware, which we named “OpcJacker” (due to its opcode configuration design and its cryptocurrency hijacking ability), that has been distributed in the wild since the second half of 2022. OpcJacker is an interesting piece of malware, since its configuration file uses a custom file format to define the stealer’s behavior. Specifically, the format resembles custom virtual machine code, where numeric hexadecimal identifiers present in the configuration file make the stealer run desired functions. The purpose of using such a design is likely to make understanding and analyzing the malware’s code flow more difficult for researchers.
MITRE ATT&CK & Malware Families
Indicators of Compromise (38 / 222 total)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-MD5 | 1a186a55a6281568bf74125bf0b3fe51 | MD5 of 565ea7469f9769dd05c925a3f3ef9a2f9756ff1f35fd154107786bfc63703b52 | 2023-03-29 | |
| FileHash-MD5 | 8d9709ff7d9c83bd376e01912c734f0a | MD5 of 49a568f8ac11173e3a0d76cff6bc1d4b9bdf2c35c6d8570177422f142dcfdbe3 MD5 of 49a568f8ac11173e3a0d76cff6bc1d4b9bdf2c35c6d8570177422f142dcfdbe3 | 2023-03-29 | |
| FileHash-MD5 | 0b2580a335be4dc5a6f8e851d0f1c6ac | MD5 of 938f2a778f092950d73c4f84bf7916a8ae48dc38a92ed3a2d2403d9ec8327e6c | 2023-03-29 | |
| FileHash-MD5 | 1ced7b921c2031ef7f79aa3413377cb3 | MD5 of f0778ef6a8d569a4c3e0c2397cfc3b46c8a34afa2cb56b1211ad9ea7dd962299 | 2023-03-29 | |
| FileHash-MD5 | 1e002643df848cbe12168e4fe01dcb7e | MD5 of aece788681d2a7a3bc76f78c65ec5418138dbd1f08bc042c4ef18c82946795c2 | 2023-03-29 | |
| FileHash-MD5 | 250cc501ba9290e7d4e85d44b550fecd | MD5 of 0489e667f339a52b6804d2f55353c7de8cc50fce6a6ca1f98c81a2d78657eb85 | 2023-03-29 | |
| FileHash-MD5 | 37685693b9b8c252d89070dfe495461e | MD5 of 1e75c0aacf39257b626018ebb4a6c790e29bb47fa1776e9099c5b0028bbd564b | 2023-03-29 | |
| FileHash-MD5 | 3dd44a2d508db959654e6d5a1704387f | MD5 of 07a0873764fe9150252b56a84bacee9d62fdf1f4529b1c92e9263a6314dbed7b | 2023-03-29 | |
| FileHash-MD5 | 428b76999fac8f7d846b0311a34d246c | MD5 of 8e61894bdbd5e1c817754aebe6afc705d81e1d70eb330e59de419810985566de | 2023-03-29 | |
| FileHash-MD5 | 46335a95e6103f5a313e33a05363b2c3 | MD5 of f46076aa03b64da37d0c3e9a6b336fe276e60b0288c9351f7089b0605057323d | 2023-03-29 | |
| FileHash-MD5 | 4656f87b1cdf73516ea03e4c08cb182b | MD5 of e8b64c06d1078d9d427679a43ef9e932f70ae83b50fc5a713d1fdf058019170a | 2023-03-29 | |
| FileHash-MD5 | 4a6ec5d2ea793e61dd8d9b76e3ef34bf | MD5 of 7749809e7bec6cde04b8042d7c6a4212adbdd71c73aa32e9004784d7d44c5457 | 2023-03-29 | |
| FileHash-MD5 | 4d7ed98dd5363255a2b791fb667a0ec5 | MD5 of 968fb7c732d99d45c39685cf5f30c104be13ec50e3789d68405a333b9000a812 | 2023-03-29 | |
| FileHash-MD5 | 5724cd1e1dca1df28c5f579ab7fe943b | MD5 of 955f6130cecb2012644699e6ad37ac60dbad7214dfaac79fd2a771451da5f158 | 2023-03-29 | |
| FileHash-MD5 | 5d27bfcbd2ef03041c284a31511e638e | MD5 of 79cb81c74b994b2b2dd351bb567c82e64c666192e25b8d571d00caffd3fdef76 | 2023-03-29 | |
| FileHash-MD5 | 5eb3688f8d8c721231e0a69ff9a2a94b | MD5 of 221f766bbf6705bb502a9abb1e6ad363a3a10daf084043605f069ac38e86528c | 2023-03-29 | |
| FileHash-MD5 | 62232089943511efdf148150c5e12d1d | MD5 of f5fe3540415b9cda7ae2f580adae1b8b40990c09741ed3cfe36a9bafffdc192a | 2023-03-29 | |
| FileHash-MD5 | 65c4996bb4e741001ec8024bdab02dab | MD5 of 3743a76f5a4a709236ccac39da482154abbcee35a8dda80230304e44620307b0 | 2023-03-29 | |
| FileHash-MD5 | 67f16582d51d20bc4aef0a19731d3280 | MD5 of 87eb8bc7404a7f7019dda05896831f77649479dbe761ac1efc8af37e4ea2bcb0 | 2023-03-29 | |
| FileHash-MD5 | 69de0ee96db74d9adf531862f7eec407 | MD5 of a9fb96412e739f17075ed1dba6b0e4442e0efce06b33f657ecdfc33f115ff676 | 2023-03-29 | |
| FileHash-MD5 | 6d760f276b258ee18dd163dd0d87bb37 | MD5 of 3e55bc263f473177ef12db88021597a370e1a305ea33576e220d36e19671a430 | 2023-03-29 | |
| FileHash-MD5 | 6d904dc237160c060e6eb55864fc8ff5 | MD5 of 35cb687175871c875e74137029aee73373e125f76666a984692dcb47b4fcdb18 | 2023-03-29 | |
| FileHash-MD5 | 6f692cba12ee795a349df94e318c3609 | MD5 of 4b5fda9d2ce0c3dae68cf1f0cf8805b25d547f4ff9f688c7dcf77c997a602c73 | 2023-03-29 | |
| FileHash-MD5 | 774ee38566f12d63eb9c8d3e8650a85c | MD5 of a8e36c87b13e47b622e49d475449c892c9dd52bd496ae8653b4804a8ce7e1c7f | 2023-03-29 | |
| FileHash-MD5 | 77ac005280303e07cf667b13e7de8bd7 | MD5 of 350180b0af74453be42b8965dcbc09849b2d73a7a3e40050cd894f24dd280c38 | 2023-03-29 | |
| FileHash-MD5 | 8cbc9351f6c3c8a796e5185f67880d6f | MD5 of b6b7c1d52d9d6a3ef073485145e49d36eafac70cb0c8e0c94eedc115cd4a25ee | 2023-03-29 | |
| FileHash-MD5 | 92eba8a211c2a3063d907005064ecf12 | MD5 of 13ed3739782eb2feae32aa2176cd8b0c0b5f9e45259b1c22ffe960b5fef31ffc | 2023-03-29 | |
| FileHash-MD5 | 93a4fdd473320d37ae59ed875632e4ef | MD5 of 3dd172bf8a7e2985f8387ffc4b6f2fc3ee05435b69a43d714d3137d9a5147127 | 2023-03-29 | |
| FileHash-MD5 | 992cb6d6a567d2ba4e625e8130be7fc3 | MD5 of b715f22a9e37049d09b06c26ca899c4be3c6c21386f70d6d357b3bd481ee1794 | 2023-03-29 | |
| FileHash-MD5 | b2362907c61a06a1df4093acc67f7da2 | MD5 of feb3ab1217f993d9214bb0e1a9561709bd9a1172ceee719fa9051d9fa6aa9622 | 2023-03-29 | |
| FileHash-MD5 | b36bc72ad8f8856c57e15ab59c8ca8fb | MD5 of 1d3581daa5e60802b7a3382a03b1447a3f69593c6cd09c1fd4f3feda862042d4 | 2023-03-29 | |
| FileHash-MD5 | c7fe16098ee1bb461457ea2d18fcae7b | MD5 of a533ca19ad0f98ffc58c461afc3e7612f297135762252ed78f8be82e71be31e9 | 2023-03-29 | |
| FileHash-MD5 | dad62964697e998a6917373c0c115358 | MD5 of ecaf6da2a4dbe72fca16b9a758ed0bc2751884d9315411285555d8781617ef58 | 2023-03-29 | |
| FileHash-MD5 | f7208a1e38d07fd4f86ae128309a45a3 | MD5 of 1ade68b2ac855730719e36bc46a981082e99afb67670f0a00ab7f9eb76d5500a | 2023-03-29 | |
| FileHash-MD5 | f85a5c0689db0eb6dc87164d85e8715c | MD5 of 2b45d9e7e9da3d024c9891c43dc06c155a8a71a4bdf9b6a0eb522eab2744275b | 2023-03-29 | |
| FileHash-MD5 | fc4d816a5412c30fa7e5d0f7d1c60043 | MD5 of e00b8b5ae5a8437186bcfb4115e2466590753f8c268609e5d62fd7f438c7faae | 2023-03-29 | |
| FileHash-MD5 | febd44061e1c4759fb4596bb68482023 | MD5 of 900007491002debe93c5fb130d7514afe7ee3b84ec33494d75c0e575f1a0982d | 2023-03-29 | |
| FileHash-MD5 | ff8fda880cb1625744b8af741700cec0 | MD5 of cf95bdfd3a75f32ab9642104aee2ab879e90a4b791432951c360029815ff577f | 2023-03-29 |
References (2)
↗ https://www.trendmicro.com/en_us/research/23/c/new-opcjacker-malware-distributed-via-fake-vpn-malvertising.html
↗ https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/c/new-opcjacker-malware-distributed-via-fake-vpn-malvertising/ioc-new-opcJacker-malware-distributed-via-fake-vpn-malvertising.txt