5ae41d15101ad481c2122d277eb991e9db02e9d360da737d6d3ebc9a2182d00a

Sharing

Copy URL

Twitter E-mail

General

Target

Amcrest SurveillancePro-Win64_International_IS_V2.003.00AC001.0.R.230524.exe
Size

184.6MB
Sample

240614-sld2qazcmr
MD5

f9d73e205be364a15c44e79d244c4ab7
SHA1

f4efdcfb2b249fe60bf7ed5cd48a8d171787a6e7
SHA256

5ae41d15101ad481c2122d277eb991e9db02e9d360da737d6d3ebc9a2182d00a
SHA512

a565fd8709aee6699d5d3015290b40784bdb7f22e82b9eaed7a0cd5fbe28bbb7c4895ca1f4a3bf7a34f50741e45023607c275e0f865eff4e98a5eb744f704a87
SSDEEP

3145728:/2KXK+6tO1Ze01pJe0ynesrC6k5kr3sEOaiSa1rzMlbszvVCZYHAWkWx54:NB913fwefhkrcEOai5Z4OVsx

Score

7^/10

Malware Config

Targets

- Target
  
  Amcrest SurveillancePro-Win64_International_IS_V2.003.00AC001.0.R.230524.exe
- Size
  
  184.6MB
- MD5
  
  f9d73e205be364a15c44e79d244c4ab7
- SHA1
  
  f4efdcfb2b249fe60bf7ed5cd48a8d171787a6e7
- SHA256
  
  5ae41d15101ad481c2122d277eb991e9db02e9d360da737d6d3ebc9a2182d00a
- SHA512
  
  a565fd8709aee6699d5d3015290b40784bdb7f22e82b9eaed7a0cd5fbe28bbb7c4895ca1f4a3bf7a34f50741e45023607c275e0f865eff4e98a5eb744f704a87
- SSDEEP
  
  3145728:/2KXK+6tO1Ze01pJe0ynesrC6k5kr3sEOaiSa1rzMlbszvVCZYHAWkWx54:NB913fwefhkrcEOai5Z4OVsx
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  Amcrest Surveillance Pro/msvcm80.dll
- Size
  
  504KB
- MD5
  
  60a6de55aa50d57a01b7148b0a7ea139
- SHA1
  
  da30628428724cd281151a60a361b27617b26508
- SHA256
  
  2fa2a2a4a0511493c5a360e66c7d62f0ea5891925636eac61cd9db09dbed5637
- SHA512
  
  376758a45744d2d3b9ef2d81387cffc1abc44753a1299550b1ccee47cbecf137c897510eb361693e518aac3348424ccb3cac3493d938a503a767eef96f5a3cc0
- SSDEEP
  
  6144:fQ2z1hZVqvjKlmjKbLhc/rSVMuPvgTlAh+zbUZyd/+O9LuMIjDOgzprhfXycrsXS:ffzTZGjKlmjKbLmjSVMK06h+fU3Xvo
Score

1^/10
behavioral3 behavioral4
- Target
  
  Amcrest Surveillance Pro/msvcp100.dll
- Size
  
  593KB
- MD5
  
  caed4a65caf1ef80aa81e9b135326658
- SHA1
  
  a3daf85194d0b149a91e13ba83a5e4a8968427ac
- SHA256
  
  a55f33a3a03273a8ba957506946a6b7e51576eb76e588e8de8c14fa46a886860
- SHA512
  
  2ce82b3df6c29d84fb9b12c92aa8dafdeab36d21a9d3c4acaf87b70b8acc53cc81537ef39b75ee674ee44b00a2853d7434216fa55bdd7ba17a6d8fbc76d4a8a3
- SSDEEP
  
  12288:YjPZyWVFYzxJ783DPO7fYxiMjNGgcskVk87y+vEKZm+aWodEE6cY:Y1ygYzxJ783DsIrcsTl+vEKZm+aWodEL
Score

1^/10
behavioral5 behavioral6
- Target
  
  Amcrest Surveillance Pro/msvcp140.dll
- Size
  
  618KB
- MD5
  
  9ff712c25312821b8aec84c4f8782a34
- SHA1
  
  1a7a250d92a59c3af72a9573cffec2fcfa525f33
- SHA256
  
  517cd3aac2177a357cca6032f07ad7360ee8ca212a02dd6e1301bf6cfade2094
- SHA512
  
  5a65da337e64ea42bcc461b411ae622ce4dec1036638b1e5de4757b366875d7f13c1290f2ee345f358994f648c5941db35aa5d2313f547605508fd2bcc047e33
- SSDEEP
  
  12288:eNQSZJrC30ovvjPo9E/YZt4QEKZm+jWodEEV2qwcg5MpccRwLM:0Z2jPo96QEKZm+jWodEEYqwcg5Mpck9
Score

1^/10
behavioral7 behavioral8
- Target
  
  Amcrest Surveillance Pro/msvcp80.dll
- Size
  
  1.0MB
- MD5
  
  c332db81197e6e5d4a67d3789dbeb02a
- SHA1
  
  d691130e4808910ed5ca0640150b9badc8124243
- SHA256
  
  d3ed3fef0f3fd9d547d7ef60d5f532d6aab5bd45966abcb24bdf61dec60c813e
- SHA512
  
  660462070a3a4d4dff52e1d20c22dff1c6caab48f0d039a43e7f322099068ff0eb80dfc6dbb9bea7a2923e8986b36fbe6048ee147ae44be8696d6d93214cc6b9
- SSDEEP
  
  24576:ijUopfAPMaZ0eHSQSoSx2+5W1dV/b0rx1wKQhiPBk09I/GF6BiDWXBrT22396jIx:ijUoIZ0eHSQCx2/1dV/b0rnQhiPBk097
Score

1^/10
behavioral10 behavioral9
- Target
  
  Amcrest Surveillance Pro/msvcr100.dll
- Size
  
  809KB
- MD5
  
  366fd6f3a451351b5df2d7c4ecf4c73a
- SHA1
  
  50db750522b9630757f91b53df377fd4ed4e2d66
- SHA256
  
  ae3cb6c6afba9a4aa5c85f66023c35338ca579b30326dd02918f9d55259503d5
- SHA512
  
  2de764772b68a85204b7435c87e9409d753c2196cf5b2f46e7796c99a33943e167f62a92e8753eaa184cd81fb14361e83228eb1b474e0c3349ed387ec93e6130
- SSDEEP
  
  12288:QgzGPEett9Mw9HfBCddjMb2NQVmTW75JfmyyKWeHQGoko+1:HzJetPMw9HfBCrMb2Kc6dmyyKWewGzB1
Score

1^/10
behavioral11 behavioral12
- Target
  
  Amcrest Surveillance Pro/msvcr110.dll
- Size
  
  829KB
- MD5
  
  7c3b449f661d99a9b1033a14033d2987
- SHA1
  
  6c8c572e736bc53d1b5a608d3d9f697b1bb261da
- SHA256
  
  ae996edb9b050677c4f82d56092efdc75f0addc97a14e2c46753e2db3f6bd732
- SHA512
  
  a58783f50176e97284861860628cc930a613168be70411fabafbe6970dcccb8698a6d033cfc94edf415093e51f3d6a4b1ee0f38cc81254bdccb7edfa2e4db4f8
- SSDEEP
  
  24576:I+9BbHqWVFlB7s2ncm9NBrqWJgS0wzsYmyy6OQ:z9d7M3nS0wV
Score

1^/10
behavioral13 behavioral14
- Target
  
  Amcrest Surveillance Pro/msvcr80.dll
- Size
  
  778KB
- MD5
  
  4d89f6191db56cfa659388378f3dd688
- SHA1
  
  c5f28857b4d3a9d182b9c25f3d599bb84ccb8acb
- SHA256
  
  2219e15b66aba301909128e6775e0b4f8b28b529b3ec087161edae55e2676c65
- SHA512
  
  7a6b735bb80154e913e2d95e9e475cdfdec84cca410f4c05175aa7cc6d84adcb1726072f4b7b69acb88f9178ae67b9bf0c28d341a9a1dae3d32b4a36762eeb53
- SSDEEP
  
  24576:zffRUhGdopm8o5d/HJEoxsvaagwHmqo/mWeAgvzQQmhyBg:VUhtplQ/
Score

1^/10
behavioral15 behavioral16
- Target
  
  Amcrest Surveillance Pro/mwReader.dll
- Size
  
  3.2MB
- MD5
  
  b87dba447419771fe842ff359f79bca2
- SHA1
  
  c6ef9111f88167f818170f8b36fe51b649f8501f
- SHA256
  
  64ddda170a9c3b5644eb220f04384241f280434f4f1de25ea15fd5c7568f189c
- SHA512
  
  9f324913b3303124fb06d78d1f9362ff80107d8ef7945ac73d34cb4ea3278c64c1cbef19e0eeba51288e00d4072d7cfffd4f369c0abd24bcbe9fdb993ad030e7
- SSDEEP
  
  49152:DpM4IIIF71806UfC7X/Uq+8YUJg0g9Kz6veXx5E2EjyNCfcU13ffh3B72PzwHR/m:l7UaM87g0vOv13XD2PzA/q
Score

1^/10
behavioral17 behavioral18
- Target
  
  Amcrest Surveillance Pro/opencv_core2411.dll
- Size
  
  1.9MB
- MD5
  
  8f698b2d5eaa8ac4cc43ac3142704663
- SHA1
  
  0a87bcbfdf825c6650f8ab205f1f6f752b606fe0
- SHA256
  
  543694cbcf20952160103737e9e1d81e2a89d99730a72c86afc613c96c78309b
- SHA512
  
  87cc835e9b71f712285d25d80b863e0308a0860fd3157410b76a16851af769edbe0d1d6075eea8db90baafc08bc914840997480ee5faeaa949aa5e481afbf532
- SSDEEP
  
  49152:veJ5SpDDkh/5wrvlV46/EssIrDTVtgUYhrgl:c5Y8Z5wr9Vd
Score

3^/10
behavioral19 behavioral20
- Target
  
  Amcrest Surveillance Pro/opencv_highgui2411.dll
- Size
  
  1.8MB
- MD5
  
  99cb69e23b571bcc57fc3105985c49f5
- SHA1
  
  0e913e897b31f55d0d366d18917251786178e4d4
- SHA256
  
  0f78a593fa2f6ef8a50130a5c1c69450c5c0431e232d914b21a6feea6f48e800
- SHA512
  
  92fea9c681771f072760b673dd197bf52f57bd1fced1db74584f431322b48b904886f9c58e146fe88dd4a8c03cafaa15065e6337934de9f38f2875d69f883269
- SSDEEP
  
  24576:vEM/VtsGTrfRrIh5t7+pwZTS3HO+ImiZiA0b1kXV02RNNb3TMy8N8tMqKTytPRQV:Yh+psS3HO+Imi2oV02RNJmlT4RQ2
Score

3^/10
behavioral21 behavioral22
- Target
  
  Amcrest Surveillance Pro/opencv_imgproc2411.dll
- Size
  
  1.8MB
- MD5
  
  15162abd14bb45cb92cd300f69631539
- SHA1
  
  13b1f5edc93d217990ad356df4164a73efad4641
- SHA256
  
  942588906e1cf3ac22b9071afd8d5a498dd91a3e58a45145ae74b1fc1b9471da
- SHA512
  
  fc2bd627c65715b6b7381049a28fb66c83ae04f5fe640aaedaab32c11a24c7b7173e4418d927621464afd960ce5b8c3af15abf9699bbc78775d5a786609f299d
- SSDEEP
  
  24576:CMVjRDkrR5BpzIgy5GnbZe8mzG7dFcQQ+3H8qwQbPIRxtxF5Ke390rNB2/xqNYVl:CEjRm5B9by1ggQ83aYEWEDoT
Score

3^/10
behavioral23 behavioral24
- Target
  
  Amcrest Surveillance Pro/platforms/qdirect2d.dll
- Size
  
  1.3MB
- MD5
  
  4428a42b255bd0bb8efde81578dd8c97
- SHA1
  
  9101a17d5f146ca895b40d1485900ef90b84b81e
- SHA256
  
  d78741d4559e476b6f7f3c09a34163cab32b695d23fc4cbcee054ca34db99d70
- SHA512
  
  3693256d6a9264b032c90926dc9e8e9612f726a351b737034d61c3b688265ee17b6a8d82c532a507c4f18d9ef0e68a52b3342aa8357aa1010c48e2bbd4481bc3
- SSDEEP
  
  24576:L7T/SNtFytjpKnAilB1rCvoNK04qLZWqduc:LvEtctjAAin1rCvoNK04qQan
Score

1^/10
behavioral25 behavioral26
- Target
  
  Amcrest Surveillance Pro/platforms/qminimal.dll
- Size
  
  817KB
- MD5
  
  82379440c23e9dc8fe041745de9d001b
- SHA1
  
  74de6cfb937583ff37a0325d17500647341016fb
- SHA256
  
  29f10b883ec80c294f02ef1ff75a45640eeef6d56b289eeaa97d5b40efbd875b
- SHA512
  
  8e58b1e0510155fb1c5f4034e02b629b0bf90e76880de77cbb33cc93ee43239cee127a3c4a0ff523a933ea77058763c6fa130ebc7c607d2ef2bda2b84d46c568
- SSDEEP
  
  12288:y8mtOMLaCOhMNu8eVpfuHJXe9trZ1yslYfEWmLQJr:JmtOiLVNu8eVpmBqlkslJZ
Score

1^/10
behavioral27 behavioral28
- Target
  
  Amcrest Surveillance Pro/platforms/qoffscreen.dll
- Size
  
  724KB
- MD5
  
  c5eee02f693204c26b25792f39b9aa8e
- SHA1
  
  d2fcb4a574ec26f342a8904cb8c2c7026436e195
- SHA256
  
  0bc8eb17cec6687bbc964fe09216f4322cdf5f1cb3453224339214c3ae545fd6
- SHA512
  
  a6452ab263cb9dd10e9824b69bab02afb1d24f0be4debfd523b9952d72ff81975f8ef2216339d875eb034cf4a146b352654ffb18815671cd1a12afa29f57f3ba
- SSDEEP
  
  12288:Q5ta2AWfqUdzV8nMtp0g6A0wyD0aDfEWmGwBm:qta3WLdzV8nGZydQa4ZG9
Score

1^/10
behavioral29 behavioral30
- Target
  
  Amcrest Surveillance Pro/platforms/qwindows.dll
- Size
  
  1.3MB
- MD5
  
  2f6dd640c97a20e7e65a5648a6bc42a0
- SHA1
  
  76e2516950c283154ec291d373422a6cb65f3221
- SHA256
  
  8589eefb76b04b48f212cb92fb2e69ca64ddb71f33456e4b6ce97214f9889465
- SHA512
  
  8aa9a134560832554a59f77a5a24655681aab7695abfabd11fcd895f60e8b577affef4e44c0e903828e7a952c8bc66d3295140ac0669d15d1ecf8bbe7b1187e4
- SSDEEP
  
  24576:/aKWihQdYEVvItsGFbSQ4nUoA4/znMMdZkQQE:/zWih6YEVgtsYePnUoA4/znMMi
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32