1. Collecting information such as
- List of your antivirus software
- OS version of your device
- Your username
- Your computer name
- Several banking applications/software
2. Clipboard hijacking
Casbaneiro can replace your clipboard contents: if they match a Bitcoin address, the malware replaces your address with the attacker's wallet address.
Images from: Welivesecurity
3. Cryptography
- Command encryption
- String encryption
- Payload encryption
- Remote configuration data encryption
4. Distribution of this malware
- Fishy financial manager updates
- What’s cooking? A fowl Windows activator
5. Do you C what I C?
- Stored encrypted in the binary
- Embedded in a document
- Embedded in a crafted website
- Embedded in a legitimate website
- Generated using a fake DNS entry
6. Download & Execute functionality
- Via XML document
- Via special configuration file
- Email tool
- Password stealer
Here, I am just copying the basic points about this virus from the article. If you need to know how it works, you can read the full article on Welivesecurity.com: https://www.welivesecurity.com/2019/10/03/casbaneiro-trojan-dangerous-cooking/
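The clipboard hijacking in point 2, seen from the defender's side: this is an added example, not code from the original article or from Welivesecurity. It checks polled clipboard snapshots for one valid Bitcoin address being replaced by a different valid one within a short time. The function names, the 2-second window and the sample data are assumptions, and only legacy Base58Check addresses are covered.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload):
    # Base58Check checksum: first 4 bytes of double SHA-256.
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload):
    """Encode version byte + 20-byte hash (used here to build sample data)."""
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_btc_address(text):
    """True for a legacy Base58Check address (P2PKH 0x00 or P2SH 0x05)."""
    s = text.strip()
    if not 26 <= len(s) <= 35 or any(c not in B58 for c in s):
        return False
    n = 0
    for c in s:
        n = n * 58 + B58.index(c)
    raw = n.to_bytes(max(25, (n.bit_length() + 7) // 8), "big")
    if len(raw) != 25 or raw[0] not in (0x00, 0x05):
        return False
    # Checksum must match and the string must be the canonical encoding.
    return raw[-4:] == _checksum(raw[:-4]) and b58check_encode(raw[:-4]) == s

def find_swaps(snapshots, window=2.0):
    """snapshots: [(seconds, clipboard_text)] in polling order.
    Heuristic: a user rarely copies two different addresses within `window`."""
    hits = []
    for (t0, a), (t1, b) in zip(snapshots, snapshots[1:]):
        a, b = a.strip(), b.strip()
        if a != b and t1 - t0 <= window and is_btc_address(a) and is_btc_address(b):
            hits.append((t1, a, b))
    return hits

# Constructed sample data: addresses derived from dummy 20-byte hashes.
COPIED = b58check_encode(b"\x00" + b"\x11" * 20)
SUBSTITUTE = b58check_encode(b"\x00" + b"\x22" * 20)
SNAPSHOTS = [(0.0, "invoice 4711"), (5.0, COPIED), (5.3, SUBSTITUTE), (60.0, COPIED)]

if __name__ == "__main__":
    for t, old, new in find_swaps(SNAPSHOTS):
        print(f"t={t}s clipboard address changed: {old} -> {new}")
```

The same comparison works as a manual habit: after pasting a wallet address, check that it matches the one you copied.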