General

  • Target

    bandicam-1-6-en.exe

  • Size

    5.0MB

  • Sample

    240222-zmxzjsfa61

  • MD5

    b3dda3747f13053c8d42651b898ae81b

  • SHA1

    04c3878ff05f1dd2a190ff7824bcfe6e64be70e0

  • SHA256

    e2bda9dd998cbfc495ad3c077b0340447ea325de375953fe7400b3044147730f

  • SHA512

    917d197afea2fc2320ed37ffe14b6eb9ade60d4b3bbbd062184c07c92444b13ae27f2e1df63728d335461b6e7d8139d147906102c0e102abc4e954dcfd77b8b5

  • SSDEEP

    98304:NPhahnEm71/Cs8awInQ9hBZ8XcoaRI5fRrZ8mO2zMQmhBhrqfDGi+4iVPcPx/:NPPmGawIBXcoaMRrZ8mz0Rrgii1jx/

Targets

    • Target

      bandicam-1-6-en.exe

    • Size

      5.0MB

    • MD5

      b3dda3747f13053c8d42651b898ae81b

    • SHA1

      04c3878ff05f1dd2a190ff7824bcfe6e64be70e0

    • SHA256

      e2bda9dd998cbfc495ad3c077b0340447ea325de375953fe7400b3044147730f

    • SHA512

      917d197afea2fc2320ed37ffe14b6eb9ade60d4b3bbbd062184c07c92444b13ae27f2e1df63728d335461b6e7d8139d147906102c0e102abc4e954dcfd77b8b5

    • SSDEEP

      98304:NPhahnEm71/Cs8awInQ9hBZ8XcoaRI5fRrZ8mO2zMQmhBhrqfDGi+4iVPcPx/:NPPmGawIBXcoaMRrZ8mz0Rrgii1jx/

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      15KB

    • MD5

      6e663f1a0de94bc05d64d020da5d6f36

    • SHA1

      c5abb0033776d6ab1f07e5b3568f7d64f90e5b04

    • SHA256

      458b70e1745dc6e768d2338ccf3e6e86436488954ca3763472d8ffec4e7177e4

    • SHA512

      2a037c39f3a08d4a80494227990f36c4fef2f73c4a6ad74dcc334317a1372234c25d08d8b80d79e126881a49fa4b3f2fffe3604c959d9ceceb47acc7192cc6a5

    • SSDEEP

      192:VsIZHdT9uwYX94kYd2iCzHR+yK7imphLAykycpKPd5mj8ozxGUWumle:VsUHd9GN2d2iwl0impATIPdAj8Ov6

    • Score

      3/10

    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      5KB

    • MD5

      8e806ea2e205dc508a2fb5adda3419db

    • SHA1

      21beab4e309b139fdcca7dd708df8dbbfd2dd5a3

    • SHA256

      86a55734b8802051bbbd0e8c9c506d0ca985bc5c99113e99b309469046133937

    • SHA512

      6b362bdadd6801ceb6106485015a4ae6d227dc04c1397a730ac8fd44b00649876ee7cbd0d7690b41dcaa8451c94e9f5838daa9fbc21f7306740de89667468cc1

    • SSDEEP

      48:aTT4WeApYxYlxamAWHN+EuWkGWBBWAGr9SdLB8maofYZVSA:bWGSxamjHNDuWRWBBWvm6V

    • Score

      3/10

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      351b802508ee5462cbf7f35454a9dca6

    • SHA1

      7b9a1bc758e10af02124143680f636853b421da1

    • SHA256

      39275ee1767aac3ae0929a3e67a84a921610b45d5cfff3db1641893504d5c78d

    • SHA512

      6b0a4a500597fefaceb5eab79737d4f8dd253bb6bf8c263699314deda417763857b4407457d877b28f7a9c1f40a241d378ccae80c68541ff3f102eac8a6ff8d2

    • Score

      3/10

    • Target

      $TEMP/BDMPEG1SETUP.EXE

    • Size

      1.2MB

    • MD5

      0589ff5a72fe0c792e804734792694f9

    • SHA1

      e27158e3e714625f2adcc27afd83b182e83b037b

    • SHA256

      2705379fddf8dd2841cfd384f48fda20d7012d1524ddc529efcd0631f68db70f

    • SHA512

      ea385c072de2d01a6e5b46dfcb7b7c12011d6138e837fab8fc147bbd0869e251452e645239a4b88cb675e525eb4abff76386d16ec4cb21ffeac6c5e5cdbea7a3

    • SSDEEP

      24576:l+dgmOVgcy4PoAcEBGN6LS6/jlmdLxJGOWdREJTzaCCiIEOm7c6KcB:l+zD4AARBGNAwx4OWzEJTzt1Ox6DB

    • Score

      7/10

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      325b008aec81e5aaa57096f05d4212b5

    • SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

    • SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    • SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    • SSDEEP

      192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    • Score

      3/10

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      7579ade7ae1747a31960a228ce02e666

    • SHA1

      8ec8571a296737e819dcf86353a43fcf8ec63351

    • SHA256

      564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

    • SHA512

      a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

    • Score

      3/10

    • Target

      $SYSDIR/bdmjpeg.dll

    • Size

      15KB

    • MD5

      2ac3988bbee9584c57efcff61616e105

    • SHA1

      cd92b3c225b497962cb90b1f5a68b5da42cb6ee3

    • SHA256

      9c260db97b168d699148dc58d9b013834052e610fbcc78da1c4d7cc2d33a0ce2

    • SHA512

      53eeca7a1c983bee04f6f923ffd14d4a44b13be407c10bbf854d06da1d397e36d19a0d99f0f1a8a66304e38f90f07fc2c395b37e4a8893bfb5a017cf4b3c916e

    • SSDEEP

      192:Jc7HKZhkNpB6zEjPAS/Qjbf32oXX3WLjSHB772HXrOR3Xp9EqQSp1Bz3F:Jc7FKQ6moXX3WaHt2HbOtj1Rz

    • Score

      1/10

    • Target

      $SYSDIR/bdmjpeg64.dll

    • Size

      17KB

    • MD5

      77927b449d56412b0ab6590c64eab57b

    • SHA1

      396e62b9bceb8df74e23f8195b46a0866f8fc103

    • SHA256

      dc3f4851ea55efa525e79c83c6541f0530caf9912d66abbe38b213ff5eeaa0e2

    • SHA512

      a96036ddda07c3fec5e0c5a642c1e07da69c4927036c0be661c94f596a9cdf4c7535d1a752f1d4d60312e11685f74fd3a1dbc42beb0d7617d525a2776c36cca4

    • SSDEEP

      384:lJDZG0KBK/dtPG+6/EbeTnf3B7ydeR5ajfyOlo/:9z5eTfVtW2Olo

    • Score

      1/10

    • Target

      $SYSDIR/bdmpega.acm

    • Size

      57KB

    • MD5

      5c4b1aef2352cbf6974464fa2276a54a

    • SHA1

      ba6fc5ab6836418d2a79dc67e2cf4305eb969d6d

    • SHA256

      4a5afb70467d433040a3e31574de84058ce78f75ee5cea944ff6e00c6b232b0a

    • SHA512

      c0274c1ac86637567188940159936acc6eeeccbf4247bb7ad7dc1c5f5da8d27283ca23270bc03de534e39b8cde0475d596e55f37419d7e45098c4c71b9f907d4

    • SSDEEP

      768:522IN9PYUY9gpi00laScPILN0M7AoA6Obh0vaTxDcFMbjmzc8R+R:k2IPPYUuguZ707dBDZbatR+R

    • Score

      1/10

    • Target

      $SYSDIR/bdmpega64.acm

    • Size

      61KB

    • MD5

      15f294a30095669856f7ba556af0b679

    • SHA1

      991dd83adf483624c7e34b1ff02e6d3855a51282

    • SHA256

      64c8b2367272b8947163b359fca4353412b84e56540b1971bac3a867a1da3c9d

    • SHA512

      f56ce8a68017b7ed27df82000bc4b083c52b4e3bed4b641d79b6cc685fb3568ad0e7d1223d8a9c417d263ae0782a76ff0f263ab87b75d98cf19a70b8b04a595a

    • SSDEEP

      1536:Z2WopVs/uBbcwOTlZTd7wOtOOGr1aAv7E:IWopC+bly7fOOGr1aAv

    • Score

      1/10

    • Target

      $SYSDIR/bdmpegv.dll

    • Size

      57KB

    • MD5

      4209e06b0b1dfffb1bc37faad2ecf79b

    • SHA1

      bd9967407d8cdf42d0b1ae71e40e3b1d540c42b7

    • SHA256

      c110b9f37061b7b7e97ee84ace455b4d12457e2b2ec20cb864685faa0bdef877

    • SHA512

      0b244985f449a9dc68dd2dceee0260380f01192888190d334130848bdff382db25eb6aeb29e739d091277ecece485de375d4c81df24bc44541a5cfead8d47816

    • SSDEEP

      768:Zxgp+ksjhdgwxdlAdRpIPevJ9kIgKuAz9aEuG6dA+9SFMitgc8Rs/C:ZGp+kyjgKeemXkIh9FixzyaRsK

    • Score

      1/10

    • Target

      $SYSDIR/bdmpegv64.dll

    • Size

      61KB

    • MD5

      41243f42f45fa48b4510014f016ba2a6

    • SHA1

      66812776ebec20a526334445467c9810fdffb832

    • SHA256

      790ac30c76936939ec14e53093f305e53a0b8025b4459636033570799ee08c13

    • SHA512

      a84b738318312922d01249e8103872c6bffd549690b49a1ccadd3f35db1cb5cdae3ea87e8de8b8a85a7db6603d8d6c2e0214d6c66852da0b9153268863b0c2e5

    • SSDEEP

      1536:WwNeq0qunMKNTO4ZXuhZtaDJfLbr0dg/HRm3:W6eq9unMK9whXaDlLbr0dg/HRm3

    • Score

      1/10

    • Target

      $TEMP/bdfilters.dll

    • Size

      3.1MB

    • MD5

      ce7771d46984248bdda017f5c6f608f7

    • SHA1

      1dc0f86c9b4752463b59d5070f59f99f63cc5ee5

    • SHA256

      a8e95fede4a8df0bb8881d19f2d81fd87f37118c8e93004e0857cebb996f44a3

    • SHA512

      b1e267f91c05544b4a02e57601e021934ba884eebfc51277cefa917383a1c1ec85ddeb3b5f927885967e46a0cb97adceae81443a6423fbbc2a598e717d279fb3

    • SSDEEP

      98304:o69qYpGOg2/rPiYmjDBmmhjOF5oggxtaIrZfVvvv:oYqYpGOg2/rPiY9Evvv

    • Score

      1/10

    • Target

      bdfilters.dll

    • Size

      3.1MB

    • MD5

      ce7771d46984248bdda017f5c6f608f7

    • SHA1

      1dc0f86c9b4752463b59d5070f59f99f63cc5ee5

    • SHA256

      a8e95fede4a8df0bb8881d19f2d81fd87f37118c8e93004e0857cebb996f44a3

    • SHA512

      b1e267f91c05544b4a02e57601e021934ba884eebfc51277cefa917383a1c1ec85ddeb3b5f927885967e46a0cb97adceae81443a6423fbbc2a598e717d279fb3

    • SSDEEP

      98304:o69qYpGOg2/rPiYmjDBmmhjOF5oggxtaIrZfVvvv:oYqYpGOg2/rPiY9Evvv

    • Score

      1/10

    • Target

      bdfilters64.dll

    • Size

      3.7MB

    • MD5

      79dd4a67830c508079eccdd8c1332cc4

    • SHA1

      f8a4fba282d40b8c1a9bf7339cec1e3d947d321d

    • SHA256

      87c92d2e700f9a3bc62630be3a92e2df01d8d497afcf30d466d65f926a65f230

    • SHA512

      2605d00cb14957384e1016a1f0e587e8c38a303814374ffeaf74504b8cd92d432c875b72d44b7a8565fa9c209d3d899560c4d47f7bf568a141b7100bd2525545

    • SSDEEP

      49152:rf2EUD3PQxTTvfwBvvfrsdBD3PQxTTvfwBvvfrsdBD3PQxTTvfwBvvfrsdyy1y6o:CEcn6QwJFPvvv

    • Score

      7/10

    • Target

      bdcam.dll

    • Size

      433KB

    • MD5

      65e41d4d1b4026f613327bc8afa459ea

    • SHA1

      bbb158ecfc93d345e3c64cd9ea7b5f1f0e875f20

    • SHA256

      2ea45b8f233b61fc60058368eac9cec9f4f46f8cebc1f5ca4799a84a82e3e838

    • SHA512

      aeb1177843aba73e7dc0f4672ee51c99d193aade7f88bab89adca12b2833f4420c01cb13424cda2061912df3afca4a1571e9090d44c9ec6ee5460156af558cdd

    • SSDEEP

      6144:MSCt0Or771BggnS26o42wcPXkE7DexPkkeHhmPiY2sCOIwU:DC0Or771BggSf8DexskeHhm4sCOi

    • Score

      1/10

    • Target

      bdcam.exe

    • Size

      975KB

    • MD5

      907a27105e6792d926220de1d69f9a90

    • SHA1

      d512f68501ace290604e4ab6f45bfd4361045301

    • SHA256

      c6700c69f3430da3fe9548d116e18b312ede6746eedf24dfd20aa42b6f70e249

    • SHA512

      779d5a0f41ded1cc3b6ab9d8c04d7ce4c2f5bf4207aa56ebf1ae530ac828fd6d953c9d623e815fdaddfba00c7a9da7678cfdaebe3e23e9e8d4538cae7c276a1b

    • SSDEEP

      24576:eL0ijEO42ldDBr/meL/zp8EVggU9MTXg6gVni:eIO7J9/VggTTXY9i

    • Score

      1/10

    • Target

      bdcam64.bin

    • Size

      343KB

    • MD5

      2fc6fd53536961b070df7ba5caebf10b

    • SHA1

      224a957cbcc956d2243691a2fca06b233e01b5e4

    • SHA256

      58f7639fc9cfdb8266e48b743cd574c0a371e4286d75f50f8338305824f3dc84

    • SHA512

      6e5cde246eb8a6e86fac139fdbd9d8f58a7d000d60027cf214149bf1544324a0ba56fd822ba0c5a652b095c046d0582f4a71429e20877a8f0325fbb3d05edf62

    • SSDEEP

      6144:rW/wfSL8s+0ExBHGXY2296E0NnHQPH3qH6oSQkoKQvF/p/uwONct43D92UF:C/K0IBHGXI30NHQPna9pGHNu4B2U

    • Score

      1/10

    • Target

      bdcam64.dll

    • Size

      527KB

    • MD5

      6735e157c2dd2f016544d263e8eb5165

    • SHA1

      b7e6d8cb10f99b216c87b08660e3cd6a674220f1

    • SHA256

      d78eeab3e08f311f276364c2c0327cf3992b15014b2bb9abcbbf683faa51e2a4

    • SHA512

      b7035578e97fdbb42e75348974f901871faeea7a9f6a864489b37952fa4967b714db810bd1f86dbe266028675894c1ad427b499accea339bd1f5514e825ad90a

    • SSDEEP

      12288:l6CfG+QDsn6g7zmpXXTt19CJYMSkp2PYiOzABObwF1yMxxrkK:swgDsn94XXTr9MYMSkp2PYiOzABObwFb

    • Score

      1/10

    • Target

      bdcamih.dll

    • Size

      44KB

    • MD5

      718e3524077efbc6a9200953cae73f3e

    • SHA1

      d5427e5dc824f0e9574a8a7d50e310a0c29296e6

    • SHA256

      8328c2cf7e784fd9819d851c036b9ad42cc78540416250dd6afd663577aaedfd

    • SHA512

      464f83f143e299478bf565845e9bc058af6c8eff24fd9cffe5582c948dedfa0cf956d9b94b469a65d02e382c6f009b7eeec6607e6a52aa0ed085ceefb3fe7c25

    • SSDEEP

      768:DW5iWnxhudTWfqhV3xosqu4SPDbRzg2ORpN:C55eos1Pd6Rp

    • Score

      1/10

    • Target

      bdcap32.dll

    • Size

      7.3MB

    • MD5

      dbd6094a7248f7a4bd755adc55f095da

    • SHA1

      cee1d24d3d5ccee5523599eee6d7dd2bdbc98d95

    • SHA256

      6939ff90e3e7f582b566fdf752e97ec4a345b5f90e6c957fafc73b493c997659

    • SHA512

      ee19b29ae0050a2ffd1921d81b1e0b5411d19601cc06acf7d17e4eee27c007fe7fe69d12fe9adc9eff04a8e90caffdef37ac835b4d13abc3b745e4f0ce7eefb7

    • SSDEEP

      98304:3gPAPZqYKADqYtZWOfCjqIlMdDBmmhjfF5oggfSsLLyn0vvvvL:3VZqYKADqYtZWOfCjqIlY0vvvv

    • Score

      1/10

    • Target

      bdcap64.dll

    • Size

      8.1MB

    • MD5

      f4421e989622a0c2e4c0bd77a179c854

    • SHA1

      cee242a535f59d8ca8f470116518d4c80ba9afad

    • SHA256

      e0e958b9e002028900e48236041fe9a515e64d65d452fb541ae18fc93a482254

    • SHA512

      cb8a85b3ed4e88ec565bbc33829992922ffc52fa9a71f9c91d6d10d212ef3da215f360c9483bee8cc620d9777b63b06904064db1440a0e75b91e12b60d68b110

    • SSDEEP

      98304:0YLBTiCJjwa0BTKv4pqo4Tagwcx1wzcacRc+cz5ptQvvvvLs:B5LucacRc+clYvvvv

    • Score

      1/10

    • Target

      bdfix.exe

    • Size

      440KB

    • MD5

      eeed3bd6972c1be2ed04886688db3e60

    • SHA1

      3cb808d109349d5e6612012746a66e259880d0ce

    • SHA256

      95e172c0359f8471d4f538053fe48a54a33cb7f5e64355692ed41e04d21cdeaa

    • SHA512

      c6e1c147ea7e4e3e6fe3e8225342e3a392841eca1a1262e128c1502e75111c6124b7811f8c66aca046bdd8354cb47c536948668ef7b4aee2d2fc21bb52a86bd5

    • SSDEEP

      6144:ViIwQE6bgUwMxP+iYkuSzrLaZnXh32kVLTvvn08GU+Fg95S4mOrOP8ulqD9A:Vi/Gn+iYAknx326vvn08GUdMOr/DhA

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks