4a9d815f284adda187982e2b24da2beaad860739bc4b4cb1cf26408e7c221dd6

Sharing

Copy URL

Twitter E-mail

General

Target

CapCut_7296238001489854469_installer.exe
Size

2.2MB
Sample

240204-2r5w3acfc3
MD5

c91e097550ea6ccedf592d8b83414e0d
SHA1

021f3f26d86f98af28dc987baad8714f64867207
SHA256

4a9d815f284adda187982e2b24da2beaad860739bc4b4cb1cf26408e7c221dd6
SHA512

916898c9850ddfcd2c11da7421eeffc4d48406d9ad4787a4dc572ec17a81a39edd30733aa8cccde8b31450ff8031e3da68be019a8a0eff50c0a17ed4fa0aa3c9
SSDEEP

49152:uGVKq6wrr98ArcTTuVMZCC8GYCNbFLg3dlXI5x8oaigMv3Dh:uGVLprJ8ArnVMZCUPFcNlXID8en1

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  CapCut_7296238001489854469_installer.exe
- Size
  
  2.2MB
- MD5
  
  c91e097550ea6ccedf592d8b83414e0d
- SHA1
  
  021f3f26d86f98af28dc987baad8714f64867207
- SHA256
  
  4a9d815f284adda187982e2b24da2beaad860739bc4b4cb1cf26408e7c221dd6
- SHA512
  
  916898c9850ddfcd2c11da7421eeffc4d48406d9ad4787a4dc572ec17a81a39edd30733aa8cccde8b31450ff8031e3da68be019a8a0eff50c0a17ed4fa0aa3c9
- SSDEEP
  
  49152:uGVKq6wrr98ArcTTuVMZCC8GYCNbFLg3dlXI5x8oaigMv3Dh:uGVLprJ8ArnVMZCUPFcNlXID8en1
Score

9^/10

discovery ransomware
- Renames multiple (384) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1
- Target
  
  $PLUGINSDIR/BgWorker.dll
- Size
  
  2KB
- MD5
  
  33ec04738007e665059cf40bc0f0c22b
- SHA1
  
  4196759a922e333d9b17bda5369f14c33cd5e3bc
- SHA256
  
  50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be
- SHA512
  
  2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef
Score

3^/10
behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral3
- Target
  
  $PLUGINSDIR/deviceregister_shared.dll
- Size
  
  226KB
- MD5
  
  8baaaeacb97679fb495e1c4f902f0a68
- SHA1
  
  29185b00e4c56ff8cc22de64c1407809d60348f1
- SHA256
  
  7c2a74c4be8d524a121e78e763c05c7b5cb58b524119ac8897c493e717a1d42a
- SHA512
  
  49f864332165c0229f0588fa1fd56fdc04bb005be1b61a9367fac5f45c32783e2e633c8acb64c3a921d41d9b79ceb3315813aa409a8f725cc7193958bf4bb8e0
- SSDEEP
  
  6144:5Nj2oPjbpV4hliZ7xsFARHtw+WY0L1TBWoBvF:6KV4hliZ7KFAb+L1TIo
Score

1^/10
behavioral4
- Target
  
  $PLUGINSDIR/downloader_nsis_plugin.dll
- Size
  
  1.2MB
- MD5
  
  f181413906a465fd0dd68cc4a3d98803
- SHA1
  
  5aa28be48047dd0b672ab98d5e7cbd8260486b4b
- SHA256
  
  e28ff7b8fc4b1eb2d1f394ce15de2fc031cda58db645038c8c07581c31e79dda
- SHA512
  
  8d0116bcbc3938b2ebdddf77dec87e4b6c872382d20b555571b0bc3e4a35f88d16bc450004f875a8271165b71bdbae5d4d474a5bfda4c7787da63f4325009c25
- SSDEEP
  
  24576:UtF94NRXKCK8gEM4Vn8rHmAumkpF6sBE:Ut/uXTianGmAumkpFe
Score

3^/10
behavioral5
- Target
  
  $PLUGINSDIR/res.zip
- Size
  
  162KB
- MD5
  
  23e2490706d024bd70ccb906ebf0b62d
- SHA1
  
  94c346ac69ff8867204f1a2346491342203980be
- SHA256
  
  fbb054f0880b81de92be6a9500c6757f4e1a3e8e335e31821d76b49de8375c8c
- SHA512
  
  fdd948396d184cc7e663678ce179721dc5d9ddedceb46110a86acfe4ac69613e36ed4030ece15ef95b575c0027d0e83f0c99f9c1c7fe55b967c86fe4cef86bd0
- SSDEEP
  
  3072:xqbNMh58abnJ6taLk0gLP5mAugd+YMfYTY3CtKqnyL3d:zz/d6t+aLP5mAr7MfP3KKbLd
Score

1^/10
behavioral6
- Target
  
  lang/es-LA.json
- Size
  
  2KB
- MD5
  
  99dd9216cd82f0d950e799f4ef4ab5f0
- SHA1
  
  060da8898906e4f22256e7479479a51948d571fa
- SHA256
  
  93f248485a418a8bf08f057f0d07f7fd1a1d738aa40c4d87505f7f3cf89a96f3
- SHA512
  
  ce7130237e92740d6f3bfb928b172ee0cd672316f90ce4304a75c42b56b13b638f655476784d99c5321f655ec7cc8e9eaac969178e2fa3b3fb7951f5078f6c37
Score

3^/10
behavioral7
- Target
  
  lang/fi-FI.json
- Size
  
  2KB
- MD5
  
  7f3461641c4fafa68efabd242bbbcf2c
- SHA1
  
  f665d97653f308118679fb9a1ba46c8d75fd8cf3
- SHA256
  
  d0acb7efe8d9838dfba18b2fef4ebbf1672fd7ae870a99cca88f6d69f61239af
- SHA512
  
  6036e81c9bc6ff8594a555c978254612947f043a629b7c374c672d9eb8beafe3915c2792eb02c8c4b97f551766626ec91427fb05e169e2e42dc294c44e3d3444
Score

3^/10
behavioral8
- Target
  
  lang/fil-PH.json
- Size
  
  2KB
- MD5
  
  71edd16a3d6d44f27843bc7f788126a1
- SHA1
  
  dfee6fd3a49c350bdd265432b27133c8e7049739
- SHA256
  
  6378a860a5d6bcc8464d84c1f5044af36b9742314d51141158d806a2c2bde065
- SHA512
  
  c3fb8208fcce0d7b56431a64665b12b5f8cf37d2dd5f5fb9ef73006b5ee60a3c2eb6fe5e3dd3a57753e9b6c903db1ae66e83e7effd6e8b4862d1ef846521a59d
Score

3^/10
behavioral9
- Target
  
  lang/fr-FR.json
- Size
  
  2KB
- MD5
  
  664c8d88e247b24c398354558ace6368
- SHA1
  
  df5415ec18f6d86bdfbd5e236f52ebaa9a2551e5
- SHA256
  
  d8e552011694c84c5f70d8048a3dcae2389c1a4c69100697ca213869d18b3065
- SHA512
  
  ddc414679a11d9d11f0ded04dd17bc49fc1b2000500d157a6019d337f67f03e3af58b703a1d065aba298ec99ae08378641edd9cf654dc041674096a37cabb17c
Score

3^/10
behavioral10
- Target
  
  lang/hu-HU.json
- Size
  
  2KB
- MD5
  
  3fdc0d88380df7d844b59b7db2401c8c
- SHA1
  
  ac197aa656ec013c484d880c9d495340170cb269
- SHA256
  
  e162396923d415f91a5c07491341312aa954afb689cfa27c29d81b66dd448884
- SHA512
  
  9f73ba2a51b3772f31b2461bb48316b560288712c22460cf973404fa5ac64afbd3a9a93e8d6b89b36d53349e38273646785ecbfc73f84b82d0850ae509e8f6ec
Score

3^/10
behavioral11
- Target
  
  lang/id-ID.json
- Size
  
  2KB
- MD5
  
  c84766d69ccb5fd849ad2a736b838771
- SHA1
  
  b5712154c7357a2677a1c39659b998796e6ada1f
- SHA256
  
  ab27bf9416739c735e453b6ba3987b931067382491080833297e0da0b13d23e8
- SHA512
  
  a6b2046a25a451c0aa66150217d8ff10fe7211eee76fa397b809ebfbd1d773a627f38f092d10ad4404cd66f22e68c84609e925f7e0b0c91558ae336b8daa6d9c
Score

3^/10
behavioral12
- Target
  
  lang/it-IT.json
- Size
  
  2KB
- MD5
  
  cdd31cc33004f1bc41e39cef6453f531
- SHA1
  
  26fbb6dab44bd2285b432a1eb073f5da0bdb156e
- SHA256
  
  69e2d28bf1efaa716506c35a4f9b74f988e591be12be1b6bfd63f5fc8954234b
- SHA512
  
  ca42d7cc3929964e2adc4162835c0392b8dacee71bcdd08f673f40c7ae04b692c2972e7f620dc74a33badada9045cb829e8138670f033efd6773de51d5da6f02
Score

3^/10
behavioral13
- Target
  
  lang/ja-JP.json
- Size
  
  3KB
- MD5
  
  890170a4fff256e7867bf3f10a28a383
- SHA1
  
  7f2e36888202af0b3d33a36b3019ec16d08ea41a
- SHA256
  
  da4bf66da3e3b882394157c73a42294587ec4e94b58da21dfcab191b3855331e
- SHA512
  
  7f667c83c6f1871801dae646a7246b8a419db821b8e45368daee6afd108880cc7dcde2f4babb01afe1870c0cf1937695d12ee4655918d006c2156010343e4e3d
Score

3^/10
behavioral14
- Target
  
  lang/ko-KR.json
- Size
  
  2KB
- MD5
  
  a1083dddb438f99aaa04b1ff91712924
- SHA1
  
  ee30ef32f8f63254f6a17e77ef42e30266eb90ce
- SHA256
  
  d3a8dddd8dedbf469a703681e0d8c6f73ff7df814a09dad19fa0ba816dcbe170
- SHA512
  
  eb3fbe9f4a4d020b47f7ba42903f0d7c9b53f90af5f9544cfff4ad2d11d68d4e68db98e0bdcaedf2825f573cdc9497e8d32a562a8311be1b08186c299aeb7b25
Score

3^/10
behavioral15
- Target
  
  lang/ms-MY.json
- Size
  
  2KB
- MD5
  
  400dcdc9756efa458508cf9309e8a2e3
- SHA1
  
  ee54f53e60345589de7abce626451b05f571d918
- SHA256
  
  df1a433609fb7462f827c17c5a658c97924a7d14041b4613e71d02acd2822b63
- SHA512
  
  8d02f1ebf8f8ac488c2c9ddc54302f85bb35a9f5d51a62cced0c31968a34ed899b34e624455cdae4d2a8d339e7b8c2df56b1f17bd2c6044bda70aedadaeb87da
Score

3^/10
behavioral16
- Target
  
  lang/nl-NL.json
- Size
  
  2KB
- MD5
  
  fbb7c369df8884b20ef283e904b28050
- SHA1
  
  8165627b7873d50b7da9d613419cfc8ed0adfb9a
- SHA256
  
  f69b711523ed55b63206d5fcd2c4afcf03a69bf3b8ccfed31048ca479aefd56c
- SHA512
  
  7ea1d87c4636e52621205740cc49eb68daa77cb85b55aafdcdf4c7cfdef29c665bafd3ee2318546e89ea40991e8eae007a850f97ee1a7474748f87185e43cad7
Score

3^/10
behavioral17
- Target
  
  lang/pl-PL.json
- Size
  
  2KB
- MD5
  
  6fc07adddbaf2d98a5fa47b1061d5f69
- SHA1
  
  0237d120f95cc6a56cd13375cb38e094ba594b97
- SHA256
  
  1be3aebb2748450c9d18bf41aaa3ab6659f544bcc97363da8d600985b844450c
- SHA512
  
  7254ecf6cc9d4ba2d33fdd516617e1c631655ab8e253c6b039ebef8ba7b749c27cb2796041d4ed3079b6e0a281a64761db447d3709d38fc5f64fa4db7bab2177
Score

3^/10
behavioral18
- Target
  
  lang/pt-BR.json
- Size
  
  2KB
- MD5
  
  d2c8b30fbd813e99e644df20e1592491
- SHA1
  
  abfa50b8840a8672be8cce37966172c4631ba5be
- SHA256
  
  8813f8c06dd1b8faabc0b663e15beb2d75af30338e5171c5801a26d1ad8c1053
- SHA512
  
  50111ec5cb755635b4db6ad67e0c7bdd578aabaa5e70756a5beb39297b4e6675cc367347dc6d42a3874b4a692207a873c0ce5a8ed80a1390d3894d1b5719893d
Score

3^/10
behavioral19
- Target
  
  lang/ro-RO.json
- Size
  
  2KB
- MD5
  
  4ec1d37141253b92fde4627dc5cd5931
- SHA1
  
  cc012c02615b0c669aeecca216ecad9eb9e0e503
- SHA256
  
  5c23af15e0906d000a2542e9045de58be90c3ea337c6e1d44ebbe2c3324392f6
- SHA512
  
  dec57a526549096964eedd2fc9a0a70c1e5fcbb9fa1bcd1b8d7be8f3550db28a5068aa587956b44c40fa2e78e8e4c11598c4a658ec05777b087880197f730fc5
Score

3^/10
behavioral20
- Target
  
  lang/ru-RU.json
- Size
  
  3KB
- MD5
  
  9e652b9ccc1d7af2c91e1951ba72a7f9
- SHA1
  
  00d7aa1c552c797e5622af9365db1002f3d95717
- SHA256
  
  4dc7240dfaa0ab1124c2643b705bef56e15f40f88f34db1865cdfd6db209d14b
- SHA512
  
  0448386e26846e5db502293d59de950937fea4f81763c8588ec088899e554ff4c2830e86a610891e6992cb134b94e497262e1441fe586f56b715167cc9ccc46b
Score

3^/10
behavioral21
- Target
  
  lang/sv-SE.json
- Size
  
  2KB
- MD5
  
  5bb5ff7dea43d9ca787dc2e22b5009e7
- SHA1
  
  65c1c88756c897d61bb17bd6bf675e3b4edad4be
- SHA256
  
  f407df9f029262f8c18fed972617429fbc892c0e76f63fa8f51d45e29ac17e42
- SHA512
  
  d1175c6bb7fd9f8a852de73b21b9664e8966f6f96885cca09a2e2d029eaea05182f912f2c1d88cb6cc7b1dcae264aa6307c117978cf295e3df7327daa6cf32d1
Score

3^/10
behavioral22
- Target
  
  lang/th-TH.json
- Size
  
  3KB
- MD5
  
  205b00f88cf02c01806714b5806c5c3a
- SHA1
  
  03894bdcb465a85de6a02510384ced04313cc438
- SHA256
  
  b9862b313ee724ca2964993818261c018285f50e1753548baf7201e7da027eba
- SHA512
  
  044cb4d9a9537b81de46842ee609f0b868b84cfc65e79c755ea850b564983c0f7e212f106b10c85d5d795608dfc9afc11a62af1b70fe81d3a8f89985b2a38a0c
Score

3^/10
behavioral23
- Target
  
  lang/tr-TR.json
- Size
  
  2KB
- MD5
  
  b10a9ddfe8d7d4bf8e313629d7b7f44e
- SHA1
  
  5e91d021992218bf3ae177f45f67be9d15974fba
- SHA256
  
  0edeca235bea4bf14acf79739c8375b9b8198e43552f1b993c2f9c3ea53e1d7d
- SHA512
  
  2b8aab583daefc81ecbad2394ee458cf1e87a67c46e7b15683be4c900a776dbb591e36a035d035152ffb024069e42c3f2d619d87337d4dd8cf041c0ae6d2a715
Score

3^/10
behavioral24
- Target
  
  lang/vi-VN.json
- Size
  
  2KB
- MD5
  
  7d86e54c2dc8ebbf913d905d70965dd8
- SHA1
  
  99e52ff355a8e01517bf28e22725e09b48792925
- SHA256
  
  e2cf22dcb09ec4b58eecdaf35f260ccae3d2a924ee0d8b06a5c1631f79a174a5
- SHA512
  
  1446e58ae26a84800d19791254aa1cfab9cb82a7830826c6f596002e7129a35e943b793a3b692f51cb3b78237bce47664c59577e3c9676c61e78159f633536f2
Score

3^/10
behavioral25
- Target
  
  lang/zh-CN.json
- Size
  
  2KB
- MD5
  
  d581466cf35571a3bd85f1a3526af113
- SHA1
  
  3ccd7ef59ae956b85d473d8c8b8f13a657874868
- SHA256
  
  2f7d63b15220ee614464aec459c21e4d4a436b2bc7a9e5fb8204ab6acbf7d908
- SHA512
  
  76dc29e73c347985ae24a210023c43f41ddda2df0e899b262ad91fe1f79c95058d447f8fa7d8685769220e88a57b8b26177db26d603e9dbd7940130405fae997
Score

3^/10
behavioral26
- Target
  
  lang/zh-TW.json
- Size
  
  2KB
- MD5
  
  756c12abe68bd711a55ee314cb28d1e4
- SHA1
  
  34aa996a3f9abeb19de3a60d469b83084593f083
- SHA256
  
  bd1765083c33e63d2e3e7b413ece0346d9a708ef4ccc49af7e10ce1528766962
- SHA512
  
  62c96a3cb2560ab81c363ef49e990540c6db4642545a4e662c404c52c04eca4a6283d50de4481fec896bf3bede85d91e1c550bb84e5b5a3c526cb9cd7a280505
Score

3^/10
behavioral27
- Target
  
  resource/install.xml
- Size
  
  6KB
- MD5
  
  7118568fc299a29adafb58db159f7805
- SHA1
  
  9b55c2dd1b5ce1cd0c85aa0b918b7f2b59e0a46b
- SHA256
  
  f3cd52f2b87e7a13dbb2bf1c861464a8eabded7bed9f69258710864d2277aa93
- SHA512
  
  c6d3e82e0b558f8d9949c14f1481fb4eb0d69ada91752b9ee13a2239c65f293a3a6cc5d88ead03937a7dd1b8d9b9ad321552f1c52faea42e4e852b7430f1e963
- SSDEEP
  
  192:zy5a7JYbT4C0VQiQPmSUVwCwyMVOQpDNd0OksPTsjDT:OO2cnHp6Oo8WPIjf
Score

1^/10
behavioral28
- Target
  
  resource/message_box.xml
- Size
  
  7KB
- MD5
  
  fba45b18ad2ac3207f92432656d01aee
- SHA1
  
  602136ce69866e3d3acc51913a9263db6ad4b8c1
- SHA256
  
  687b4b93b6980baa43d472ad6bb9317d0c7b4705c40f317b222c304f195a74ba
- SHA512
  
  3a02d2a64808dced8a91c83c9243529c00f371063dec5a8ce1b258a10e541dac4a4f2d3fdf07ffb15571eddd49f24440db7475d304e0d577397360d7eb2f2961
- SSDEEP
  
  192:gGkkKPap0VQfQtkEp0VQfQrZUVw/wMNZUVw/wph9Kp0VQfQ3NZUVw/wb:+f0F0tGrCGwn02CGq
Score

1^/10
behavioral29
- Target
  
  resource/select_lang_msgbox.xml
- Size
  
  7KB
- MD5
  
  3adc67ab51af065bff05c7b901f43020
- SHA1
  
  b031c9bf6e1b169c3ad2dd89785c8da1dbf1f98a
- SHA256
  
  698f8b74b677f8e82aa78c0699cd522e8a98d42d9fe178198f8ee1acb48013ab
- SHA512
  
  4471b54f83c47f80a298b6fc35975a25ee6dc9f2e2e59a715c26ccfa393c64d73e350a4194c5da4d1ab06e65f91fe384eaa042c5f7b41c8457b9303ef8f2081c
- SSDEEP
  
  192:qyAqxAOldT8hvmOHjXNdEp37HubiA6FrSn3lZ0VQfQiWSUcwCwXrisji:HxH1ZczLpOXji
Score

1^/10
behavioral30
- Target
  
  resource/uninstall.xml
- Size
  
  3KB
- MD5
  
  a7fe8edd566313189f95bf2dcb446e8f
- SHA1
  
  59861253819948e9cad0da01d4f14e85593fdee1
- SHA256
  
  80bdfce70bd3fde49cb949043d0876568f8e59250714e8f7382b55179bba8257
- SHA512
  
  be4f890f3b83b190227db76244668ef36c27b82e31c5a97e12f066e673b17d758d0c464d1461ff3c05f3a5409b751eb43c3ead862ec15da85da3cfbd2127d5b5
Score

1^/10
behavioral31
- Target
  
  $PLUGINSDIR/shell_downloader.dll
- Size
  
  2.3MB
- MD5
  
  c052c0a2ed833d924b7799625413ac1c
- SHA1
  
  bdd08a29f4de283ba0eb3cda4abc26f6e85d4d5e
- SHA256
  
  098972cf9ddc9d574130e025a252a99b278de9cc0ae700acfb8c935c24eb1172
- SHA512
  
  89e67c29d5d8a401a70a5b572844f24bfde82d5d4259ecc5e6f12be0ddb434995a2e985914fc421973998e3fdc48b133e269e8bb1da513ec66199f01060162f1
- SSDEEP
  
  49152:ed86lJRUahxtsyZj1+z9DApoEV+i4u2VFZhDy+:ed86WsCA1+BDwdV94u2VFi
Score

3^/10
behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Renames multiple (384) files with added filename extension

Checks computer location settings

Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32