Overview

overview

5

Static

static

3

CapCut_726...er.exe

windows7-x64

4

CapCut_726...er.exe

windows10-2004-x64

5

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ed.dll

windows7-x64

1

$PLUGINSDI...ed.dll

windows10-2004-x64

1

$PLUGINSDI...in.dll

windows7-x64

3

$PLUGINSDI...in.dll

windows10-2004-x64

3

$PLUGINSDIR/res.zip

windows7-x64

1

$PLUGINSDIR/res.zip

windows10-2004-x64

1

lang/ms-MY.json

windows7-x64

3

lang/ms-MY.json

windows10-2004-x64

3

lang/nl-NL.json

windows7-x64

3

lang/nl-NL.json

windows10-2004-x64

3

lang/pl-PL.json

windows7-x64

3

lang/pl-PL.json

windows10-2004-x64

3

lang/pt-BR.json

windows7-x64

3

lang/pt-BR.json

windows10-2004-x64

3

lang/ro-RO.json

windows7-x64

3

lang/ro-RO.json

windows10-2004-x64

3

lang/ru-RU.json

windows7-x64

3

lang/ru-RU.json

windows10-2004-x64

3

lang/sv-SE.json

windows7-x64

3

lang/sv-SE.json

windows10-2004-x64

3

lang/th-TH.json

windows7-x64

3

lang/th-TH.json

windows10-2004-x64

3

lang/tr-TR.json

windows7-x64

3

lang/tr-TR.json

windows10-2004-x64

3

lang/vi-VN.json

windows7-x64

3

lang/vi-VN.json

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CapCut_7267140873131950085_installer.exe

  • Size

    2.2MB

  • Sample

    240411-dcs2ysae25

  • MD5

    c91e097550ea6ccedf592d8b83414e0d

  • SHA1

    021f3f26d86f98af28dc987baad8714f64867207

  • SHA256

    4a9d815f284adda187982e2b24da2beaad860739bc4b4cb1cf26408e7c221dd6

  • SHA512

    916898c9850ddfcd2c11da7421eeffc4d48406d9ad4787a4dc572ec17a81a39edd30733aa8cccde8b31450ff8031e3da68be019a8a0eff50c0a17ed4fa0aa3c9

  • SSDEEP

    49152:uGVKq6wrr98ArcTTuVMZCC8GYCNbFLg3dlXI5x8oaigMv3Dh:uGVLprJ8ArnVMZCUPFcNlXID8en1

Score
5/10
discovery

Malware Config

Targets

    • Target

      CapCut_7267140873131950085_installer.exe

    • Size

      2.2MB

    • MD5

      c91e097550ea6ccedf592d8b83414e0d

    • SHA1

      021f3f26d86f98af28dc987baad8714f64867207

    • SHA256

      4a9d815f284adda187982e2b24da2beaad860739bc4b4cb1cf26408e7c221dd6

    • SHA512

      916898c9850ddfcd2c11da7421eeffc4d48406d9ad4787a4dc572ec17a81a39edd30733aa8cccde8b31450ff8031e3da68be019a8a0eff50c0a17ed4fa0aa3c9

    • SSDEEP

      49152:uGVKq6wrr98ArcTTuVMZCC8GYCNbFLg3dlXI5x8oaigMv3Dh:uGVLprJ8ArnVMZCUPFcNlXID8en1

    Score
    5/10
    discovery

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/BgWorker.dll

    • Size

      2KB

    • MD5

      33ec04738007e665059cf40bc0f0c22b

    • SHA1

      4196759a922e333d9b17bda5369f14c33cd5e3bc

    • SHA256

      50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

    • SHA512

      2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

    Score
    3/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/deviceregister_shared.dll

    • Size

      226KB

    • MD5

      8baaaeacb97679fb495e1c4f902f0a68

    • SHA1

      29185b00e4c56ff8cc22de64c1407809d60348f1

    • SHA256

      7c2a74c4be8d524a121e78e763c05c7b5cb58b524119ac8897c493e717a1d42a

    • SHA512

      49f864332165c0229f0588fa1fd56fdc04bb005be1b61a9367fac5f45c32783e2e633c8acb64c3a921d41d9b79ceb3315813aa409a8f725cc7193958bf4bb8e0

    • SSDEEP

      6144:5Nj2oPjbpV4hliZ7xsFARHtw+WY0L1TBWoBvF:6KV4hliZ7KFAb+L1TIo

    Score
    1/10
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/downloader_nsis_plugin.dll

    • Size

      1.2MB

    • MD5

      f181413906a465fd0dd68cc4a3d98803

    • SHA1

      5aa28be48047dd0b672ab98d5e7cbd8260486b4b

    • SHA256

      e28ff7b8fc4b1eb2d1f394ce15de2fc031cda58db645038c8c07581c31e79dda

    • SHA512

      8d0116bcbc3938b2ebdddf77dec87e4b6c872382d20b555571b0bc3e4a35f88d16bc450004f875a8271165b71bdbae5d4d474a5bfda4c7787da63f4325009c25

    • SSDEEP

      24576:UtF94NRXKCK8gEM4Vn8rHmAumkpF6sBE:Ut/uXTianGmAumkpFe

    Score
    3/10
    behavioral10behavioral9

    • Target

      $PLUGINSDIR/res.zip

    • Size

      162KB

    • MD5

      23e2490706d024bd70ccb906ebf0b62d

    • SHA1

      94c346ac69ff8867204f1a2346491342203980be

    • SHA256

      fbb054f0880b81de92be6a9500c6757f4e1a3e8e335e31821d76b49de8375c8c

    • SHA512

      fdd948396d184cc7e663678ce179721dc5d9ddedceb46110a86acfe4ac69613e36ed4030ece15ef95b575c0027d0e83f0c99f9c1c7fe55b967c86fe4cef86bd0

    • SSDEEP

      3072:xqbNMh58abnJ6taLk0gLP5mAugd+YMfYTY3CtKqnyL3d:zz/d6t+aLP5mAr7MfP3KKbLd

    Score
    1/10
    behavioral11behavioral12

    • Target

      lang/ms-MY.json

    • Size

      2KB

    • MD5

      400dcdc9756efa458508cf9309e8a2e3

    • SHA1

      ee54f53e60345589de7abce626451b05f571d918

    • SHA256

      df1a433609fb7462f827c17c5a658c97924a7d14041b4613e71d02acd2822b63

    • SHA512

      8d02f1ebf8f8ac488c2c9ddc54302f85bb35a9f5d51a62cced0c31968a34ed899b34e624455cdae4d2a8d339e7b8c2df56b1f17bd2c6044bda70aedadaeb87da

    Score
    3/10
    behavioral13behavioral14

    • Target

      lang/nl-NL.json

    • Size

      2KB

    • MD5

      fbb7c369df8884b20ef283e904b28050

    • SHA1

      8165627b7873d50b7da9d613419cfc8ed0adfb9a

    • SHA256

      f69b711523ed55b63206d5fcd2c4afcf03a69bf3b8ccfed31048ca479aefd56c

    • SHA512

      7ea1d87c4636e52621205740cc49eb68daa77cb85b55aafdcdf4c7cfdef29c665bafd3ee2318546e89ea40991e8eae007a850f97ee1a7474748f87185e43cad7

    Score
    3/10
    behavioral15behavioral16

    • Target

      lang/pl-PL.json

    • Size

      2KB

    • MD5

      6fc07adddbaf2d98a5fa47b1061d5f69

    • SHA1

      0237d120f95cc6a56cd13375cb38e094ba594b97

    • SHA256

      1be3aebb2748450c9d18bf41aaa3ab6659f544bcc97363da8d600985b844450c

    • SHA512

      7254ecf6cc9d4ba2d33fdd516617e1c631655ab8e253c6b039ebef8ba7b749c27cb2796041d4ed3079b6e0a281a64761db447d3709d38fc5f64fa4db7bab2177

    Score
    3/10
    behavioral17behavioral18

    • Target

      lang/pt-BR.json

    • Size

      2KB

    • MD5

      d2c8b30fbd813e99e644df20e1592491

    • SHA1

      abfa50b8840a8672be8cce37966172c4631ba5be

    • SHA256

      8813f8c06dd1b8faabc0b663e15beb2d75af30338e5171c5801a26d1ad8c1053

    • SHA512

      50111ec5cb755635b4db6ad67e0c7bdd578aabaa5e70756a5beb39297b4e6675cc367347dc6d42a3874b4a692207a873c0ce5a8ed80a1390d3894d1b5719893d

    Score
    3/10
    behavioral19behavioral20

    • Target

      lang/ro-RO.json

    • Size

      2KB

    • MD5

      4ec1d37141253b92fde4627dc5cd5931

    • SHA1

      cc012c02615b0c669aeecca216ecad9eb9e0e503

    • SHA256

      5c23af15e0906d000a2542e9045de58be90c3ea337c6e1d44ebbe2c3324392f6

    • SHA512

      dec57a526549096964eedd2fc9a0a70c1e5fcbb9fa1bcd1b8d7be8f3550db28a5068aa587956b44c40fa2e78e8e4c11598c4a658ec05777b087880197f730fc5

    Score
    3/10
    behavioral21behavioral22

    • Target

      lang/ru-RU.json

    • Size

      3KB

    • MD5

      9e652b9ccc1d7af2c91e1951ba72a7f9

    • SHA1

      00d7aa1c552c797e5622af9365db1002f3d95717

    • SHA256

      4dc7240dfaa0ab1124c2643b705bef56e15f40f88f34db1865cdfd6db209d14b

    • SHA512

      0448386e26846e5db502293d59de950937fea4f81763c8588ec088899e554ff4c2830e86a610891e6992cb134b94e497262e1441fe586f56b715167cc9ccc46b

    Score
    3/10
    behavioral23behavioral24

    • Target

      lang/sv-SE.json

    • Size

      2KB

    • MD5

      5bb5ff7dea43d9ca787dc2e22b5009e7

    • SHA1

      65c1c88756c897d61bb17bd6bf675e3b4edad4be

    • SHA256

      f407df9f029262f8c18fed972617429fbc892c0e76f63fa8f51d45e29ac17e42

    • SHA512

      d1175c6bb7fd9f8a852de73b21b9664e8966f6f96885cca09a2e2d029eaea05182f912f2c1d88cb6cc7b1dcae264aa6307c117978cf295e3df7327daa6cf32d1

    Score
    3/10
    behavioral25behavioral26

    • Target

      lang/th-TH.json

    • Size

      3KB

    • MD5

      205b00f88cf02c01806714b5806c5c3a

    • SHA1

      03894bdcb465a85de6a02510384ced04313cc438

    • SHA256

      b9862b313ee724ca2964993818261c018285f50e1753548baf7201e7da027eba

    • SHA512

      044cb4d9a9537b81de46842ee609f0b868b84cfc65e79c755ea850b564983c0f7e212f106b10c85d5d795608dfc9afc11a62af1b70fe81d3a8f89985b2a38a0c

    Score
    3/10
    behavioral27behavioral28

    • Target

      lang/tr-TR.json

    • Size

      2KB

    • MD5

      b10a9ddfe8d7d4bf8e313629d7b7f44e

    • SHA1

      5e91d021992218bf3ae177f45f67be9d15974fba

    • SHA256

      0edeca235bea4bf14acf79739c8375b9b8198e43552f1b993c2f9c3ea53e1d7d

    • SHA512

      2b8aab583daefc81ecbad2394ee458cf1e87a67c46e7b15683be4c900a776dbb591e36a035d035152ffb024069e42c3f2d619d87337d4dd8cf041c0ae6d2a715

    Score
    3/10
    behavioral29behavioral30

    • Target

      lang/vi-VN.json

    • Size

      2KB

    • MD5

      7d86e54c2dc8ebbf913d905d70965dd8

    • SHA1

      99e52ff355a8e01517bf28e22725e09b48792925

    • SHA256

      e2cf22dcb09ec4b58eecdaf35f260ccae3d2a924ee0d8b06a5c1631f79a174a5

    • SHA512

      1446e58ae26a84800d19791254aa1cfab9cb82a7830826c6f596002e7129a35e943b793a3b692f51cb3b78237bce47664c59577e3c9676c61e78159f633536f2

    Score
    3/10
    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

12
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks